[samba] аутентификация юзеров AD

[Дмитрий Табунов]

AltLinux 3.0 Compact
W2k3 AD

регистрирую линукс в AD
net ads join -U administrator
получаю следующее:

Using short domain name -- TVSTOLITSA
Joined 'ALT-89' to realm 'TVSTOLITSA.LOCAL'
*** glibc detected *** free(): invalid pointer: 0x40116d3c ***
Aborted

при этом в логах тишина...

 может кто укажет на грабли...

KRB5.CONF
---------

[logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log

[libdefaults]
  ticket_lifetime = 24000
  default_realm = TVSTOLITSA.LOCAL
  dns_lookup_realm = false
  dns_lookup_kdc = false

[realms]
  TVSTOLITSA.LOCAL = {
  kdc = budda.tvstolitsa.local:88
  admin_server = budda.tvstolitsa.local:749
  default_domain = tvstolitsa.local
  kdc=192.168.2.3
  }

[domain_realm]
  .tvstolitsa.local = TVSTOLITSA.LOCAL
  tvstolitsa.local = TVSTOLITSA.LOCAL

[kdc]
  profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
  pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
  }


SMB.CONF
--------

[global]
        dos charset = CP866
        unix charset = CP1251
        display charset = CP1251
        workgroup = TVSTOLITSA
        netbios name = alt-89
        realm = TVSTOLITSA.LOCAL
        server string = Samba Server
        security = ADS
        auth methods = winbind
        min password length = 6
        null passwords = Yes
        password server = 192.168.2.3
        client lanman auth = No
        client plaintext auth = No
        log level = 3
        log file = /var/log/samba/log.smbd
        max log size = 500
        announce version = 5.1
        paranoid server security = No
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        hostname lookups = Yes
        os level = 5
        preferred master = No
        local master = No
        domain master = No
        wins proxy = Yes
        wins server = 192.168.2.3
        wins support = Yes
        ldap ssl = no
        idmap uid = 15000-30000
        idmap gid = 15000-30000
        winbind separator = +
        winbind use default domain = Yes
        winbind enum users = Yes
        winbind enum groups = Yes
        admin users = tda, administrator, dimson
        create mask = 0777
        directory mask = 0777
        hosts allow = 192.168., 127.



заранее спасибо