samba - Aug 2010 - Help needed: Ubuntu 8.04/Winbind broken under Windows 2008R2 PDC

Hi all,

I am running 3 ubuntu 8.04 LTSP servers that use Active Directory via
winbind for authentication. We've recently upgraded the Domain
Controllers to
Windows 2008 R2 and now domain users can't log in to these linux boxes.

- wbinfo and getent passwd still return correct information
root can still su to a domain user account
id returns correct user info
however login fails. auth.log shows:

Aug 27 16:59:00 vbuntu sshd[11743]: pam_winbind(sshd:auth): getting
password (0x00000000)
Aug 27 16:59:00 vbuntu sshd[11743]: pam_winbind(sshd:auth): request
failed: Named pipe dicconnected, PAM error was System error (4), NT
error was NT_STATUS_PIPE_DISCONNECTED
Aug 27 16:59:00 vbuntu sshd[11743]: pam_winbind(sshd:auth): internal
module error (retval = 4, user = 'flyboy')


The ubuntu boxes are running winbind version 3.0.28a-1ubuntu4.12 and
Canonical won't be supporting newer versions on this release afaik. I
don't have the option
to upgrade these servers.

On the theory that my problem probably stems from an ancient samba
version I downloaded the latest samba source 3.5.4 and compiled it and
was able to join AD and
get wbinfo -u and wbinfo -g to return users and wbinfo -i shows
correct mapping for individual users. However neither getent passwd or
getent group return domain users. And domain users are still  not able
to log in.

I followed the howto in the wiki
http://wiki.samba.org/index.php/Samba_%26_Active_Directory but that
seems slightly dated and it has nothing to say about Windows 2008 R2.

I am hoping someone here has been down this road before and can help me.

Thanks!

John