AFP548

Tiger Server as PDC

I know that not many people are doing this, but we're a majority Mac shop with a smattering of PCs requiring authentication and we'd like to use our OD master as PDC to do this. In attempting to set up and troubleshoot a PDC on our OD master I am having a few issues that don't quite add up. Essentially I'm seeing three problems, but first the setup:

PDC config:

*General*
Role: PDC
Description: set to match host - domain suffix
Computer Name: set to match host - domain suffix
Domain: xxxxx

*Access*
Guest Access OFF
Client Connections: Unlimited
Authentication: NTLMv2 & Kerberos, NTLM

*Logging*
High

*Advanced*
Code Page: Latin US (437)
Services: Workgroup Master Browser, Domain Master Browser
WINS Registration: Enable WINS server
Homes: Enable virtual share points

We also have a BDC set up on our OD replica with the following settings:

BDC config:

*General*
Role: PDC
Description: set to match host - domain suffix
Computer Name: set to match host - domain suffix
Domain: xxxxx

*Access*
Guest Access OFF
Client Connections: Unlimited
Authentication: NTLMv2 & Kerberos, NTLM

*Logging*
Low

*Advanced*
Code Page: Latin US (437)
Services: Workgroup Master Browser
WINS Registration: Enable WINS server
Homes: Enable virtual share points

Here is the smb.conf file of our PDC:

[quote]
[global]
encrypt passwords = yes
workgroup = xxxxx
display charset = UTF-8-MAC
security = user
deadtime = 5
guest account = unknown
add machine script = /usr/bin/opendirectorypdbconfig -c create_computer_account -r %u -n "/LDAPv3/127.0.0.1"
add user script = /usr/bin/opendirectorypdbconfig -c create_user_account -r %u -n "/LDAPv3/127.0.0.1"
client ntlmv2 auth = no
preferred master = yes
defer sharing violations = no
allow trusted domains = no
netbios name = set to match host - domain suffix
lanman auth = NO
vfs objects = darwin_acls
wins support = yes
interfaces = w.x.y.z/26
brlm = yes
max smbd processes = 0
server string = od
logon drive = H:
os level = 20
domain logons = yes
passdb backend = opendirectorysam guest
dos charset = CP437
bind interfaces only = yes
unix charset = UTF-8-MAC
auth methods = guest opendirectory
local master = yes
domain master = yes
map to guest = Never
use spnego = yes
printer admin = @admin, @staff
logon path = \\%N\profiles\%u
ntlm auth = YES
log level = 2

[netlogon]
oplocks = yes
path = /etc/netlogon
strict locking = no
browseable = no
write list = @admin

[homes]
root preexec = /usr/sbin/inituser %U
read only = no
comment = User Home Directories
browseable = no
create mode = 0750

[profiles]
oplocks = yes
path = /Users/Profiles
read only = no
strict locking = no
browseable = no

[printers]
printable = yes
path = /tmp
[/quote]

Questions about conf file:

I have NTLMv2 enabled in the GUI, why is it off in the smb.conf file?

Problems

1. Connected users fail to appear in the Connections view or the Overview view. Occasionally, you'll see a user appear in the Graphs view. Logs show users as properly authenticating and opening/closing login.bat, and IFMEMBER.EXE.
2. When connected users DO show up in the Connections view their connection time is 00:00. This does not change. Users typically disappear from view within 5 minutes.
3. XP clients are able to bind to the domain. When users attempt to authenticate an error is returned that the domain is unavailable.
4. Related to problem 3. Some hosts that are able to authenticate users occasionally lose this ability. Typically a restart will correct the issue.

Please let me know if you need any further info. Many thanks!
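Added example, not part of the original post: a small audit of the authentication-related `[global]` lines from the smb.conf above, sorted by which side of the connection each one governs. It relies on standard Samba semantics, where `lanman auth` and `ntlm auth` control what the server accepts and `client ntlmv2 auth` only affects Samba's own client tools. The function names and the trimmed sample are assumptions made for illustration.

```python
# Added example: sort smb.conf auth parameters by the side of the connection they govern.
# Constructed sample: auth-related lines copied from the [global] section above.
SAMPLE = """\
[global]
client ntlmv2 auth = no
lanman auth = NO
ntlm auth = YES
[homes]
read only = no
"""

# Standard Samba semantics: "server" parameters decide which responses smbd
# accepts from clients; "client" parameters only affect Samba's own client tools.
SIDE = {
    "lanman auth": "server",
    "ntlm auth": "server",
    "client lanman auth": "client",
    "client ntlmv2 auth": "client",
}
BOOL = {"yes": True, "true": True, "1": True, "no": False, "false": False, "0": False}

def parse_global(text):
    """Return the [global] parameters; names are case- and space-insensitive."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(text):
    """Map each explicitly set auth parameter to (side, enabled or None)."""
    params = parse_global(text)
    return {k: (SIDE[k], BOOL.get(params[k].lower())) for k in SIDE if k in params}

def legacy_accepted_by_server(text):
    """Server-side legacy mechanisms that are explicitly switched on."""
    return sorted(k for k, (side, on) in audit(text).items() if side == "server" and on)

if __name__ == "__main__":
    for name, (side, on) in audit(SAMPLE).items():
        print(f"{name:20} side={side:6} enabled={on}")
    print("legacy accepted by server:", legacy_accepted_by_server(SAMPLE))
```

Parameters that are not set in the file are left out of the result, since their effective value depends on the Samba version's defaults.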