smbclient session fails in LDAP TLS environment

OK,

So the other day some Samba shares at work stopped accepting passwords. After issuing the smbclient command with the credentials in question, it became apparent that Samba couldn't communicate with the LDAP server to verify the proper credentials. This image is a meld side-by-side of what a smbclient session looks like that succeeds (left) and fails (right).

Other errors, including the one that follows, led me to believe that there was a TLS/certificate issue at hand. Looks like I have a long week ahead of me.

root@ppcre-ldap:~# smbpasswd accounting
Failed to issue the StartTLS instruction: Connect error
Connection to LDAP server failed for the 1 try!

 

Also, it seems like smbclient hangs at this point:

Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
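
The names printed under neg_flags are the individual bits set in 0x60080215. As an added example (not part of the original post and not Samba's own code), this Python snippet decodes the value and cross-checks it against the names in the dump; the flag table is a subset of the MS-NLMP bit assignments under the names Samba prints, and the function names are hypothetical.

```python
import re

# Subset of the NTLMSSP negotiate-flag bits (values per MS-NLMP), keyed by
# bit, using the names that appear in Samba's debug output.
NTLMSSP_FLAGS = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000002: "NTLMSSP_NEGOTIATE_OEM",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000010: "NTLMSSP_NEGOTIATE_SIGN",
    0x00000020: "NTLMSSP_NEGOTIATE_SEAL",
    0x00000080: "NTLMSSP_NEGOTIATE_LM_KEY",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NTLMSSP_NEGOTIATE_NTLM2",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
    0x40000000: "NTLMSSP_NEGOTIATE_KEY_EXCH",
    0x80000000: "NTLMSSP_NEGOTIATE_56",
}

# Debug lines copied from the post above.
SAMPLE = """\
Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
"""

def decode_flags(value):
    """Return (names in ascending bit order, bits not in the table)."""
    names = [n for bit, n in sorted(NTLMSSP_FLAGS.items()) if value & bit]
    known = sum(bit for bit in NTLMSSP_FLAGS if value & bit)
    return names, value & ~known

def check_transcript(text):
    """Compare the names a debug dump prints with the bits in its hex value."""
    m = re.search(r"neg_flags=0x([0-9a-fA-F]+)", text)
    if not m:
        raise ValueError("no neg_flags line found")
    value = int(m.group(1), 16)
    printed = set(re.findall(r"^\s*(NTLMSSP_\w+)\s*$", text, re.M))
    names, unknown = decode_flags(value)
    return {"value": value, "decoded": names, "unknown_bits": unknown,
            "missing_from_dump": sorted(set(names) - printed),
            "not_in_value": sorted(printed - set(names)),
            "sealing": "NTLMSSP_NEGOTIATE_SEAL" in names}
```

For the value in the post, the decoded bits match the seven printed names exactly, and NTLMSSP_NEGOTIATE_SEAL is not among them.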

For the blind:

Failed session breakpoint:

smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=    0 (0x0)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    9 (0x9)
smb_bcc=65
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE

Successful login output:

smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=    0 (0x0)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    9 (0x9)
smb_bcc=65
Domain=[PPCRE.COM] OS=[Unix] Server=[Samba 3.0.22]
session setup ok

I will try to update this on how I fixed it. Either a key rebuild (a partial one involving one master and one slave isn't working), or I may just rebuild the master LDAP server.