I have a problem setting up Samba using LDAP as a domain server.
When I try to configure a Windows 2000 machine to join the domain I
first get an authentication request where I enter root and root's
password. The dialog disappears for a while (20-30 seconds) and then
displays an error dialog with something like "The user name could not
be found" (but in Swedish).
The computer name shows up in the LDAP database after this.
I'm using:
Debian etch
samba 3.0.24-6etch5
smbldap-tools 0.9.2-3
OpenLDAP (slapd) 2.3.30-5
I set the debugging to level 2 and get this for each attempt at
configuring the computer in /var/log/samba/log.troll:
[2007/11/30 01:45:51, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 10.0.0.203. Error Connection reset by peer
[2007/11/30 01:45:51, 0] lib/util_sock.c:send_smb(769)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2007/11/30 01:45:51, 2] lib/smbldap.c:smbldap_open_connection(788)
  smbldap_open_connection: connection opened
[2007/11/30 01:45:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
  init_sam_from_ldap: Entry found for user: root
[2007/11/30 01:45:51, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 513
[2007/11/30 01:45:51, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2007/11/30 01:45:51, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root
[2007/11/30 01:45:52, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2797)
  Returning domain sid for domain CHAMPIS -> S-1-5-21-3235403273-773503436-3870180080
My smb.conf:
[global]
workgroup = CHAMPIS
server string = %h server
passdb backend = ldapsam:ldap://localhost:389
passwd program = /sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password %n\n *all*authentication*tokens*updated*
log level = 2
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
name resolve order = lmhosts host wins bcast
add user script = /usr/sbin/smbldap-useradd -m %u
add group script = /usr/sbin/smbldap-groupadd -p %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
logon path = \\%N\profiles\%U
logon drive = H:
domain logons = Yes
os level = 42
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=admin,dc=proxxi,dc=org
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap replication sleep = 5000
ldap suffix = dc=proxxi,dc=org
ldap user suffix = ou=Users
panic action = /usr/share/samba/panic-action %d
[homes]
comment = Home Directories
valid users = %U
create mask = 0700
directory mask = 0700
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
share modes = No
[profiles]
comment = Users profiles
path = /home/samba/profiles
create mask = 0600
directory mask = 0700
browseable = No