Changing OU to default?

[Jason Gerfen]

I have posted a few questions in the normal samba lists and have not 
recieved an answer, other then to remove the AD object and try again.

Here is what I am trying to accomplish;  Using samba as a file server 
for users authenticating through kerberos and active directory.

I have followed the samba-howto on samba.org, and here is my smb.conf

[global]
#
# Network configuration
#
     server string = doc-odin.domain.com
     workgroup = DOMAIN
     netbios name = DOC-ODIN
     realm = DOMAIN
     security = ADS
     password server = server.domain.com server2.domain.com

#
# Domain configuation options
#
     prefered master = no
     local master = no
     domain master = no
     prefered master = no
     domain logons = no

#
# Security options
#
     encrypt passwords = yes
     update encrypted = yes
     password level = 20

#
# Winbind options
#
#
     winbind use default domain = no
     winbind cache time = 5
     winbind separator = /
     winbind enum users = no
     winbind enum groups = no
     winbind nested groups = yes

#
# User/Group mapping options
#
     idmap uid = 500-500000
     idmap gid = 500-500000
     add user script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s 
/bin/false -M %u
     add machine script = /usr/sbin/useradd -c Machine -d 
/var/lib/nobody -s /bin/false %m$

#
# LDAP/AD configuration options
#
     passdb backend = ldapsam:LDAP://server2.domain.com
     ldap admin dn = "cn=readonly,cn=users,dc=domain,dc=com
     ldap user suffix = cn=users
     ldap group suffix = ou=groups
     ldap suffix = dc=domain,dc=com
     ldap delete dn = no
     use spnego = yes

#
# Networking options
#
     hide unreadable = no
     wins support = no
     dns proxy = no
     interfaces = eth* lo
     bind interfaces only = yes
     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
     hosts deny = 0.0.0.0/0

#
# Miscellaneous options
#
     os level = 20
     template shell = /bin/false
     template homedir = /odin/%D/%U
     load printers = no

#
# Logging options
#
     log level = 1 ads:5 auth:5 sam:5 rpc:5

I am able to join the domain, I am able to view users, just not the 
correct users.  I mapped a OU=users when I needed to map the CN=users 
(which is the default) and I am not able to run the net ads join -U 
username at realm.com "container/users" without getting an error that 
CN=users is not a valid OU.  I have already attempted to delete the 
server name from active directory and re-joining.

A co-worker and I were talking about everything we could do, and the 
only thing that has not been done is using another AD Administrative 
user to join the domain with.  Any help is appreciated.

-- 
Jason Gerfen

"My girlfriend threated to
 leave me if I went boarding...
 I will miss her."
 ~ DIATRIBE aka FBITKK