Mac clients can't authenticate to SBS 2008

Hi,
We have a brand new SBS 2008 in a small office environment, also handling AD DS, DNS, and some file shares. The clients include several OS X 10.4 and 10.5 machines, and it's evident that out of the box, Server 2008 doesn't let them connect over SMB.
I also posted this in the file services forum, but it seems to be a security issue just as much.

• It's an audit failure; on the client side "Could not connect to the server because the name or password is not correct." On the server side, event ID 4625.
• Window clients can connect fine, using the same credentials I'm feeding the Mac.
• Giving "Everyone" access permissions to the folder didn't make any difference.
• Same problem with 10.4 and 10.5.

Event logs: (FQDN renamed)

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>4625</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12544</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2009-03-20T01:02:42.961Z" />
    <EventRecordID>4266289</EventRecordID>
    <Correlation />
    <Execution ProcessID="600" ThreadID="700" />
    <Channel>Security</Channel>
    <Computer>myserver.mydomain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="SubjectUserName">-</Data>
    <Data Name="SubjectDomainName">-</Data>
    <Data Name="SubjectLogonId">0x0</Data>
    <Data Name="TargetUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">MAC</Data>
    <Data Name="TargetDomainName">MYDOMAIN</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="FailureReason">%%2313</Data>
    <Data Name="SubStatus">0xc0000064</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">NtLmSsp </Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">\\MACCLIENT</Data>
    <Data Name="TransmittedServices">-</Data>
    <Data Name="LmPackageName">-</Data>
    <Data Name="KeyLength">0</Data>
    <Data Name="ProcessId">0x0</Data>
    <Data Name="ProcessName">-</Data>
    <Data Name="IpAddress">192.168.0.30</Data>
    <Data Name="IpPort">49836</Data>
  </EventData>
</Event>


<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>4625</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12544</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2009-03-20T01:02:42.961Z" />
    <EventRecordID>4266288</EventRecordID>
    <Correlation />
    <Execution ProcessID="600" ThreadID="700" />
    <Channel>Security</Channel>
    <Computer>myserver.mydomain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="SubjectUserName">-</Data>
    <Data Name="SubjectDomainName">-</Data>
    <Data Name="SubjectLogonId">0x0</Data>
    <Data Name="TargetUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">MAC</Data>
    <Data Name="TargetDomainName">MYDOMAIN</Data>
    <Data Name="Status">0xc0000225</Data>
    <Data Name="FailureReason">%%2304</Data>
    <Data Name="SubStatus">0x0</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">
    </Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">\\MACCLIENT</Data>
    <Data Name="TransmittedServices">-</Data>
    <Data Name="LmPackageName">-</Data>
    <Data Name="KeyLength">0</Data>
    <Data Name="ProcessId">0x0</Data>
    <Data Name="ProcessName">-</Data>
    <Data Name="IpAddress">192.168.0.30</Data>
    <Data Name="IpPort">49836</Data>
  </EventData>
</Event>