samba - May 2003 - winbindd Invalid or wrong password W2K sec policy problem

While using winbind for weeks to auth users by domain I came across
two users, who despite everything I didn't could not authenticate to a samba
share. In the samba logs I could see winbind checking domain\user then
coming back with Invalid or wrong password.

I eventually tracked it down to security policies on both users boxes.
Under the local system policy entry "Send LM & NTLM - use NTLMv2
session
security if negotiated"
I found the setting to be "Send NTLMv2 response only".  Why O why
couldn't
the message have been
"unable to establish authentication method" is beyond me but if you
should
run into this problem after
applying a domain wide security policy this might be your answer.

Much thanks to the personages who create Samba!