[Samba] Strange problems with Samba 3.0.32 as ADS member of W2k3 domain

[Masopust, Christian]

hello,
 
i've some strange problems with my samba-servers acting as domain-member
(ADS) in a W2k3 active directory.
 
we have 3 DCs here and running samba without specifying a dedicated "password server"
doesn't work!  the 3 DCs have the following roles:
 
- DC1: PDC-emulator, has global catalog
- DC2: RID-master, infrastructure-master, no global catalog
- DC3: no special role, has global catalog
 
what works:
 
- kerberos setup is fine, can kinit without problems.
- net ads join works fine (no matter to which server i do)
- net ads testjoin gives "join ok" (either specifying a server to check or not)
- samba-shares working only when "password server = DC3" !!!
 
what doesn't work:
 
- samba-shares without specifying a password server
- samba-shares with "password server" either DC1 or DC2
 
 
after doing a lot of test, rejoins, and so on, i figured out that also the following setup
works:
 
- password server = *     AND   also running winbindd !!!
 
the strange thing is that i've some other setups (same samba, same domain on another
location and therefore other DCs) that work fine without winbindd running...
 
so i'm now totally confused and looking forward to any help!
 
thanks a lot,
christian
 
--
"I sense much NT in you, NT leads to Blue Screen.
Blue Screen leads to downtime, downtime leads to suffering. NT is the path to the darkside."

- Unknown Unix Jedi