samba - Aug 2003 - SunOS-5.8 / Samba-2.2.0 W2K3 Domain Shares

Hello,

We have a scientific instrument being controlled by a SparcStation (under
SunOS-5.8) and running Samba-2.2.0 that has joined the campus wide W2K3
domain.  I am currently in the process of trying to setup the smb.conf file
so that  users of a W2K3 security group can access a single share on the
instrument.  If this is pedestrian to ask, please forgive me.

W2K3 Security Group = [user.name1, user.name2, user.name3]

<smb.conf>
# Global parameters
[global]
        workgroup = nsm
        netbios name = NMR
        server string = Varian NMR
        security = DOMAIN
        browseable = yes
        client code page = 437  
        encrypt passwords = Yes
        password server = nsm-dc10
        username map = /usr/local/samba/private/smbusers
        log file = /usr/local/samba/var/log.%m
        announce as = NT Workstation
        announce version = 5.0.2
        protocol = NT1
        name resolve order = wins host lmhosts
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        os level = 20
        preferred master = No
        local master = Yes
        domain master = No
        dns proxy = No
        wins support = No
        wins server = 130.253.x.y,130.253.x2.y2,130.253.x3.y3
        printing = SYSV
        load printers = Yes
        print command = /bin/lp -c -d %p %s; rm %s
        lpq command = /bin/lpstat -o %p
        lprm command = /bin/cancel %j %p
        lppause command = /bin/lp -i %p-%j -H hold
        lpresume command = /bin/lp -i %p-%j -H resume
        queuepause command = /bin/disable %p
        queueresume command = /bin/enable %
        log level = 2
        max log size = 1000

[homes]
        comment = Home Directories
        path = /export/home/%u
        valid users = %S
        read only = No
        create mask = 0664
        directory mask = 0775
        browseable = No

[printers]
        comment = Printers
        path = /tmp/sambaprn
        printable = Yes
        printer driver = null
        printable = Yes
        writeable = no
        use client driver = yes

[data]
        comment = NMR Data
        path = /u2s/data
        valid users = %S
        read only = No
        create mask = 0664
        directory mask = 0775
        browseable = No


So I succeeded doing the first part, joining the W2K3 domain with the above
smb.conf file.  However, I fail on the second step, having a single user
(myself) access the share.   When I attempt to connect to drive
//instrument/data I get:


[2003/08/24 03:39:25, 0] smbd/password.c:domain_client_validate(1519)
  domain_client_validate: could not fetch trust account password for domain
NSM
[2003/08/24 03:39:25, 1] smbd/password.c:pass_check_smb(526)
  Couldn't find user 'user.name3' in UNIX password database.
[2003/08/24 03:39:25, 2] smbd/reply.c:reply_sesssetup_and_X(950)
  NT Password did not match for user 'user.name3'!
[2003/08/24 03:39:25, 2] smbd/reply.c:reply_sesssetup_and_X(960)
  Defaulting to Lanman password for user.name3
[2003/08/24 03:39:25, 1] smbd/password.c:pass_check_smb(526)
  Couldn't find user 'user.name3' in UNIX password database.
[2003/08/24 03:39:25, 1] smbd/reply.c:reply_sesssetup_and_X(975)
  Rejecting user 'user.name3': authentication failed


in my machine.logs. Now if I add myself to the smbpasswd file, I can connect
to [data] if I use the password hash in the file, not the domain password.
Any thought here would be very helpful.  After this works, I will attempt to
tackle all users of the W2K3 security group to have access.

Thanks,
Jim