Microsoft Windows Server has a some vaguely-worded options which must be disabled to allow OS X's Samba to connect. I never did fix the "name or password is incorrect" error connecting via Samba to my Windows 2000 Server install, so I always passed data back and forth using an XP machine. Seeking to end that kluge with my new Windows 2003 Server install, I hacked everything I could find on the OS X side to no avail. I finally gave up and turned to the Domain Server for salvation. Eventually, I found the right settings:
Start -> All Programs -> Administrative Tools -> Domain Controller Security Policy. You can ignore any errors about truncated strings ... gotta love one-button alerts. Then navigate into Local Policies: Security Options, and set the following:
Microsoft Network Server: Digitally sign communications (always): DISABLED
Microsoft Network Server: Digitally sign communications (if client agrees): ENABLED
Now, if you want the Server to be able to connect to the Macs on the network, or any Samba server (I think), set the following in the same Local Policies: Security Options area:
Microsoft Network Client: Digitally sign communications (always): DISABLED
Microsoft Network Client: Digitally sign communications (if server agrees): ENABLED
And finally, if you want the domain's Windows boxes to be able to connect to the Mac/Samba, set the following:
Domain Member: Digitally encrypt or sign secure data channel (always): DISABLED
Domain Member: Digitally encrypt secure data channel (when possible): ENABLED
Domain Member: Digitally sign secure data channel (when possible): ENABLED
I suppose these same policies are found in a similar location in Windows 2000 Server, but I'm not going to reinistall it just to know. Why all of this was so hard to find and/or figure out, I don't know -- it seems pretty simple once I collected it all from about 10 different places.
Warning: This hint lowers your network's security a bit, use at your own risk.