So I am having a new problem... Users, who could previously access a share, are periodically unable to connect to a share via Samba.

When I try using the smbclient command I get a NT_STATUS_ACCESS_DENIED
And when looking at the log I can see
smbldap_search_ext: base => [o=opw], filter => [(&(uid=USERNAME)(objectclass=sambaSamAccount))], scope => [2]
ldapsam_getsampwnam: Unable to locate user [USERNAME] count=0
check_sam_security: Couldn't find user 'USERNAME' in passdb.
check_ntlm_password: sam authentication for user [USERNAME] FAILED with error NT_STATUS_NO_SUCH_USER

This is strange, since if I run the command:
ldapsearch -xvvvD FULLUSERDN -w **** -b o=OPW -H ldaps:// "(&(uid=USERNAME)(objectclass=sambaSamAccount) )" 1.1
I do get a positive result.

But if I alter the smb.conf file from:
passdb backend = NDS_ldapsam:ldaps://
passdb backend = NDS_ldapsam:ldaps://ANOTHERSERVER
The problem goes away....

I have had this problem on two different servers so far and can't figure out the problem! And almost worse, is if I leave it for a day or to, the problem fixes itself!

My environment is three identical core NDS servers (they all use the same LDAP Group Object) and a large number of Remote NDS servers (all OES2 Linux and all using another but same LDAP Group Object)

Any ideas?
I can't find anything in the logs or the LDAP DS Traces to indicate why a LDAP search would fail on one server but not another. Or why a manual LDAP search is good while a Samba LDAP search fails!