[Samba] Strange auth issue - non-domain member succeeds - domain members fail

[Rob Hughes]

So, title pretty much says it all. Now for the setup:

Win2k AD controller
SAMBA 3.0.0-2 (also tried versions up to the most recent src rpm)
Fedora Core 1

I can successfully join the domain as a member server, as verified by
deleting the machine account and rejoining. The machine account is
correctly recreated. However, I can only access shares, do net view
\\server, etc. from a non-domain member. Any attempt to access the samba
shares from a domain member results in much thrashing of disks, but then
either an access denied or resource no longer available error occurs. I
have verified that I can list accounts from the samba system residing on
the win2k domain successfully. I've bumped up logging rather a lot, and am
getting quite a bit of info, but aren't sure exactly what I should be
looking for. I do see entries in the log for the machine which seem to
indicate the kerberos token is successfully retrieved, but haven't been
able to determine a lot more.

Most frustrating is that this was working perfectly (though a couple of
other things weren't, with hints that the issues had been fixed in fedora)
before the upgrade. However, I had to remove sambe in order to complete the
upgrade. I had backed up /etc/samba prior, so I don't fully understand why
I couldn't just drop my config back in unless kerberos is broken in fedora.

Anyway, at this point, I'd just like some pointers as to what might be
relevent within the log files to point me to where I should be looking in
my configs and/or libraries.

Thanks,
Rob