[Samba] Samba 3.6 winbind issues
David Noriega
tsk133 at my.utsa.edu
Mon May 20 13:29:22 MDT 2013
I've been using samba for several years now and so my configuration
hasn't changed much in that time. We've set up a samba pdc+ldap backend
and were previously using smbldap-tools. I haven't had to add a new
machine in a long while until recently a new user said they couldn't
remote desktop to a Windows server I have as part of our domain. Older
users were still able to access it.

I decided to leave then join the domain, but that ran into another
issue. I can't add the server back to the domain since I was getting
'no challanage send to client' messages. Searching on this, I found I
needed to use winbind and set up idmap settings. Following the wiki, I
set this up, but I'm still unable to join the domain.

Now it says it's unable to allocate a uid to create the machine entry
in ldap. I'm not sure what to do next. wbinfo is able to report info
on users, but wbinfo -g returns nothing. In the logs for winbind I see
errors saying for gid 0 got 0 entries, and for a few other gids.

I tried wbinfo --allocate-uid/gid and get the following:

failed to call wbcAllocateGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not allocate a gid

In the logs, all I see is

Could not allocate gid: NT_STATUS_UNSUCCESSFUL

Here are my samba global settings:

[global]
workgroup = X.X.X
netbios name = ROSS
server string = PDC %v
encrypt passwords = yes
passdb backend = ldapsam:ldap://X.X.X.X
ldapsam:trusted = yes
ldapsam:editposix = yes
domain master = yes
preferred master = yes
local master = yes
os level = 255
dns proxy = yes
wins support = yes
name resolve order = host wins lmhosts bcast
domain logons = yes
client ntlmv2 auth = yes
loglevel = 2 auth:1 sam:10 winbind:10 passdb:0 smb:10 rpc_srv:3
log file = /var/log/samba/log.%m
syslog = 0
time server = yes
ldap suffix = dc=X,dc=X,dc=X
ldap user suffix = ou=people
ldap group suffix = ou=group
ldap machine suffix = ou=machines
ldap idmap suffix = ou=Idmap
ldap ssl = start tls
ldap admin dn = cn=samba,ou=DSA,dc=X,dc=X,dc=X
logon path = \\%L\profiles\%U
logon script = netlogon.bat
time server = Yes
deadtime = 10
case sensitive = No
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
printcap name = /etc/printcap
load printers = no
interfaces = eth0 lo
bind interfaces only = yes
winbind enum users = yes
winbind enum groups = yes
idmap config * : default = yes
idmap config * : readonly = no
idmap config * : backend = ldap
idmap config * : range = 1000-1000000
idmap config * : ldap_url = ldap://X.X.X.X
idmap config * : ldap_base_dn = ou=Idmap,dc=X,dc=X,dc=X
idmap config * : ldap_user_dn = cn=idmap,ou=DSA,dc=X,dc=X,dc=X
winbind use default domain = Yes
winbind nested groups = Yes