[Samba] cannot join domain unless its root user

Phillip K phillipkuo at gmail.com
Mon Aug 23 04:50:31 GMT 2004


I'm attempting to set up samba 3 as a primary domain controller which
authenticates users from a windows 2k/xp prof workstation and maps
their respective home folders as well as their respective shared
folders on the gentoo server. For example, I have the following groups
with their designated shares:

Group          Shared Dir
------------   ------------------
water          /home/water
tms            /home/tms
accounting     /home/accounting

and I have the users and groups 

User           Group
------------   -------------------
bill           tms, water, accounting
jill           water

I am unable to get a client to join a domain unless I log in and join
as root. The workstation displays errors with username or password as
incorrect. However, when I go to network neighborhood, I can still see
the domain and see the shares on the server.

Please advise? Thanks in advance.

I do however add the machines to the tdbsam database by issuing the command: 
Code: 
# smbpasswd -a -m <machine name>  


and add the following line to the /etc/passwd file 

Code: 
<machine name>$:x:410:400:workstation:/dev/null:/bin/false  


Here is some other relevant information

> net groupmap list 

# net groupmap list 
System Operators (S-1-5-32-549) -> -1 
Replicators (S-1-5-32-552) -> -1 
Guests (S-1-5-32-546) -> -1 
TMS (S-1-5-21-2557073695-1402744893-439265927-1821) -> tms 
Power Users (S-1-5-32-547) -> -1 
Accounting (S-1-5-21-2557073695-1402744893-439265927-1817) -> accounting 
Print Operators (S-1-5-32-550) -> -1 
Administrators (S-1-5-32-544) -> -1 
Waterlogic (S-1-5-21-2557073695-1402744893-439265927-1819) -> water 
Domain Users (S-1-5-21-2557073695-1402744893-439265927-513) -> users 

> cat smb.conf 


[global] 
workgroup = TMSWATER 
netbios name = TMSserver01 
passdb backend = tdbsam 
os level = 33 
preferred master = yes 
domain master = yes 
local master = yes 
security = user 
domain logons = yes 
logon drive = H: 
logon script = logon.cmd 
logon path = \\%N\profiles\%u 
add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u 

[homes] 
comment = Home Directories 
valid users = %S 
read only = No 
browseable = No 

[netlogon] 
path = /var/lib/samba/netlogon 
read only = yes 
admin users = root 
write list = ntadmin 
[profiles] 
comment = Roaming Profile Share 
path = /var/lib/samba/profiles 
read only = no 

[Misc] 
path = /home/Misc 
read only = No 
create mask = 0774 
directory mask = 0775 

[TMS] 
path = /home/TMS 
valid users = @tms 
read only = no 
create mask = 0774 
directory mask = 0775 

[Accounting] 
path = /home/Accounting 
valid users = @accounting 
read only = No 
create mask = 0774 
directory mask = 0775 

[Water] 
path = /home/Water 
valid users = @water 
read only = No 
create mask = 0774 
directory mask = 0775

