Quick and Dirty setup for Samba 3 and Windows 2003

These are the absolute bare minimum steps to integrate your Samba server as a member server in an AD-controlled domain with Win2k3 as the DC.
1. ENSURE your Samba box has an A record and an associated PTR record in DNS.
2. On your DC, disable signing: run the Domain Controller Policy tool and edit Account Policies -> Security Options -> "Microsoft network client: Digitally sign communications (always)". Set this to Disabled. Do the same in the Domain Policy tool. Note that you will need to reboot the server for this step, though it won't tell you to. Disable signing on your Samba server as well, with the following in smb.conf:
client signing = no
client use spnego = no
3. On your Samba server, install kerberos5 and edit /etc/krb5.conf. It should contain:
[libdefaults]
       default_realm = YOUR.ADS.DOMAIN
       dns_lookup_kdc = false
       dns_lookup_realm = false
[domain_realm]
       .your.domain.name=YOUR.ADS.DOMAIN
       your.domain.name=YOUR.ADS.DOMAIN
[realms]
YOUR.ADS.DOMAIN = {
       default_domain = your.domain.name
       kdc = IP.OF.THE.DC
}
4. Ensure smb.conf contains:
realm = YOUR.ADS.DOMAIN
workgroup = YOUR
security = ADS
5. Get a ticket using Kerberos: run "kinit administrator" and enter the administrator password when prompted. The klist command should then list a ticket.
6. Join the domain using 'net ads join'. This should use the credentials in your Kerberos ticket.
7. Set up winbind - ensure the following is in smb.conf:
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum groups = yes
winbind enum users = yes
8. Store your winbind credentials with wbinfo --set-auth-user=DOMAIN\\administrator%password
9. Modify /etc/pam.d/samba (on woody), or the appropriate PAM file, to add "sufficient" entries for auth and account using pam_winbind.so. These need to go BEFORE the pam_unix.so calls for samba. My /etc/pam.d/samba is as follows:
auth            sufficient      pam_winbind.so
auth            required        pam_unix.so nullok
account         sufficient      pam_winbind.so
account         required        pam_unix.so
session         required        pam_unix.so
password        required        pam_unix.so
10. Modify /etc/nsswitch.conf with the following:
passwd:         winbind compat
group:          winbind compat
shadow:         winbind compat
11. Restart samba and winbind.
12. All should work. :) Browse your server and see...
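
A consistency check for the files edited in steps 2 to 4, as an added example that is not part of the original page: it confirms that smb.conf and krb5.conf agree on the realm and that a kdc is listed for it, and it reports the disabled client signing from step 2, since that setting removes integrity protection from the Samba box's outgoing SMB connections. The file contents are constructed from the page's placeholder values, and the function names parse and check are hypothetical.

```python
# Constructed sample files using the page's placeholder values (assumptions).
SMB_CONF = """[global]
realm = YOUR.ADS.DOMAIN
workgroup = YOUR
security = ADS
client signing = no
"""
KRB5_CONF = """[libdefaults]
       default_realm = YOUR.ADS.DOMAIN
[realms]
YOUR.ADS.DOMAIN = {
       default_domain = your.domain.name
       kdc = IP.OF.THE.DC
}
"""

def parse(text):
    """Map (section, enclosing realm block or None, key) -> value."""
    out, section, block = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            section, block = line.strip("[]").strip().lower(), None
        elif line == "}":
            block = None                 # end of a per-realm block
        elif "=" in line and line[0] not in "#;":
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                block = key              # start of a per-realm block in krb5.conf
            else:
                out[(section, block, " ".join(key.lower().split()))] = value
    return out

def check(smb_text, krb_text):
    """Return a list of findings for the settings steps 2-4 depend on."""
    g = {k[2]: v for k, v in parse(smb_text).items() if k[0] == "global"}
    krb = parse(krb_text)
    realm, findings = g.get("realm", ""), []
    if g.get("security", "").lower() != "ads":
        findings.append("security is not ADS")
    if not realm or realm != krb.get(("libdefaults", None, "default_realm")):
        findings.append("realm does not match krb5.conf default_realm")
    if ("realms", realm, "kdc") not in krb:
        findings.append("no kdc entry for the realm")
    if g.get("client signing", "").lower() in ("no", "false", "0", "off", "disabled"):
        findings.append("client signing is disabled")
    return findings

if __name__ == "__main__":
    print(check(SMB_CONF, KRB5_CONF))
```

To check a real host, pass the contents of its smb.conf and /etc/krb5.conf to check() before running 'net ads join'.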