Carlos Rivera-Jones
2007-Sep-07 20:47 UTC
[Samba] FOUND SOLUTION and question: Cannot access shares after joining Samba to AD 2000 domain
We had a Samba Version 3.0.23c-4 workgroup server on clarkconnect 4.1 (had to hunt for krb5-workstation!) with a smbpasswd back-end that was accessed from machines joined into an Active Directory Windows 2000 domain. We switched the Samba server to be a domain member. We have done this before so thought we knew all that could happen had already happened and took extra care to follow our experience. Did everything right, wbinfo and getent all showed fine etc etc etc. The logs showed everything working etc. We also started with a fresh samba cache, passwd, group and smbpasswd files.

First issue was:

- Shares displayed when connecting to the server via \\servername or \\ip.ser.ve.r but couldn't access them. After much cajoling we found out the underlying issue: the shares all pointed to directories inside an external drive, and while the directories had correct permissions, the mount point didn't. We had great fun turning access on and off by simply doing "chgrp" on the mount point. Weird, and to my knowledge, undocumented.

- Then we had another harrowing experience, when certain users couldn't even get the share list via \\servername and got a login screen when they did \\ip.ser.ve.r. If we typed correct authentication info there would still be no success. We identified the issue as an authentication issue on the client side:

  A) Clients whose username and passwords were the same in the domain and the smbpasswd had no problems.
  B) Clients whose username was different had the issue.

  We renamed the accounts on the domain to fit that of the old smbpasswd. Yet now we got the same login screen, no success. Then we changed the account passwords. Logged off. Logged in, got the same login screen, but we could login now. We logged off again. We got the login screen but this time we checked "remember". Logged off again... Then it worked even if the password changed, as expected.

What is the root issue of this at a technical level? It is weird it behaved differently when authenticating via domain or ip. It is weird in general!

WE HAVE ALREADY SOLVED THESE ISSUES. However, have others experienced this?

Thanks,
Carlos
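
Added example, not part of the original post: the mount-point behaviour described in the first issue follows from the Unix rule that a user needs search (x) permission on every directory leading to a path, not only on the final one. The sketch below evaluates classic mode bits only (ACLs and Samba's own share settings are ignored); the function names and the temporary directory layout are constructed for illustration.

```python
import os, stat, tempfile

def can_search(st, uid, gids):
    """Mode-bit check: may this uid/group set traverse the directory?"""
    if uid == 0:                       # root bypasses directory search checks
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def blocking_components(path, uid, gids):
    """List every directory from / down to path that uid cannot traverse."""
    cur, chain = os.path.realpath(path), []
    while True:
        chain.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:              # reached the filesystem root
            break
        cur = parent
    blocked = []
    for d in reversed(chain):          # report top-down, like namei
        st = os.stat(d)
        if stat.S_ISDIR(st.st_mode) and not can_search(st, uid, gids):
            blocked.append(d)
    return blocked

if __name__ == "__main__":
    # Constructed layout: the share is wide open, the "mount point" is 0750.
    with tempfile.TemporaryDirectory() as root:
        mount = os.path.join(os.path.realpath(root), "mnt_external")
        share = os.path.join(mount, "share")
        os.makedirs(share)
        os.chmod(share, 0o777)
        os.chmod(mount, 0o750)
        st = os.stat(mount)
        other_uid = st.st_uid + 1      # hypothetical domain user, not the owner
        # First a user outside the mount point's group, then one inside it.
        for gids in ({st.st_gid + 1}, {st.st_gid}):
            hits = [d for d in blocking_components(share, other_uid, gids)
                    if d.startswith(mount)]
            print("groups", sorted(gids), "blocked at:", hits or "nothing")
```

For a real share, pass the uid and group ids that "getent passwd" and "id" report for the domain user on the Samba server.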