I'm trying to get a RHEL 5.4 base system to authenticate against a W2K8 domain

With the stock samba-3.0.33, I can use wbinfo and getent just fine, but I cannot actually authenticate. Googling finally led to a bug that strongly suggests that 3.0.33 cannot and will never be able to authenticate against W2K8, so I installed samba3x-3.5.4 Now, I cannot even join the domain. I get:

Failed to join domain: failed to lookup DC info for domain 'MY.DOMAIN' over rpc: Invalid workstation

Googling on that isn't turning up much of anything.

net ads status seems to work just fine.

/var/log/samba/log.winbindd says "Could not fetch our SID - did we join?" and "unable to initialize domain list"

So you joined to the domain with samba 3.0.33 and installed 3.5.4. Maybe you need to remove the host completely from the domain before you start to join again.

Reinstalled host without samba-3.0.33 ever being on it, removed record from AD, installed samba3x-3.5.4, started winbind, attempted to join domain... and got the exact same error.

Here you can find some tips on it:
http://lists.samba.org/archive/samba...ad.html#162668
http://wiki.samba.org/index.php/Windows7

Some smb.conf entries that are helping me make progress!

# deal with NSS and the whole UID/SID id mapping stuff
idmap backend = tdb
idmap uid = 2000000 - 2999999
idmap gid = 2000000 - 2999999
idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : schema_mode = rfc2307
idmap config MYDOMAIN : readonly = yes
idmap config MYDOMAIN : range = 500 - 1999999
idmap cache time = 604800
idmap negative cache time = 20
winbind cache time = 600
winbind nss info = rfc2307
winbind expand groups = 2
winbind nested groups = yes
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
winbind offline logon = false