[Samba] No shares for windows

[markus]

System: w2003 SP1, samba 3.0.14a-r2 (even tried 3.0.20b)
Kernel: 2.6.12-gentoo-r4 SMP
Mode: ADS
Auth: nss_ldap, kerberos

The Problem: After a while the clients loosing their connection to the 
samba server and it's shares. After the connection is lost there is a 
clean cut: no further information is written to a machine log if trying 
to access a share on the samba server. So the problem has to be on 
windows side. Until the connection is gone forever the machine log has 
many entries like this:

[2005/11/07 12:53:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
   Username DOMAIN+MACHINE$ is invalid on this system

I know this error since I am using the combination of kerb, nss_ldap and 
samba as an ad member but never had problems accessing shares on sambas. 
Because of using nss_ldap, there is no entry for winbind in my 
nsswitch.conf and nss_winbind doesn't extend the machines and usernames 
as DOMAIN+{USER,MACHINE$}.

Are there any known issues related to hotfixes on windows? On w2003 it's 
definitely impossible browsing my samba shares, just refusing the 
connection without logging it anywhere. Neither under linux nor under 
windows, like if never happened.

If windows sends DOMAIN\USER (or interpreted by winbind like 
DOMAIN+USER), how can I tell samba to extend the users and machines the 
same using nss_ldap?

Thanks in advance for any help
   - markus