samba - Oct 2003 - 3.0.1pre1 broke my 'valid users' on one share

Before updating to 3.0.1pre1, the following smb.conf worked.
 
Now when users try to hit the [broke] share they are denied access.
 
Winbind has no problem finding the users and groups for the domain.
 
I've verified filesystem permissions, "Domain Users" have full RW
access.
 
I do not seeing anything coming across my smbd log files.
[global]

security = DOMAIN

workgroup = xxx

password server = AUSTIN, HOUSTON, *

encrypt passwords = yes

wins server = 172.20.0.1

netbios name = PLANO

winbind separator = + 

idmap uid = 10000-20000

idmap gid = 10000-20000

winbind use default domain = yes

winbind enum users = yes

winbind enum groups = yes

obey pam restrictions = yes

kernel oplocks = no

template homedir = /xxx/home/share/%U

template shell = /bin/bash

server string = 

mangle case = yes

dos filemode = yes

name resolve order = wins bcast lmhosts 

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
IPTOS_LOWDELAY

max log size = 4096

log file = /var/log/samba/%m

local master = yes

domain logons = no

domain master = no

preferred master = no

wins support = no

wins proxy = no

dns proxy = no 

[broke]

write cache size = 64000

browseable = yes

path = /path/to/stuff

read only = yes

public = no

guest ok = no

valid users = user1, user2, user3

force group = "Domain Users"

fake oplocks = yes

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aaron_Colichia@Dell.com wrote:

| Before updating to 3.0.1pre1, the following smb.conf worked.
| Now when users try to hit the [broke] share they are denied access.
| Winbind has no problem finding the users and groups for the domain.
| I've verified filesystem permissions, "Domain Users" have full
RW access.
| I do not seeing anything coming across my smbd log files.

Try setting "winbindd use default domain = no" and let me know.
(Have I said how much I hate that parameter today?).




cheers, jerry
~ ----------------------------------------------------------------------
~ Hewlett-Packard            ------------------------- http://www.hp.com
~ SAMBA Team                 ---------------------- http://www.samba.org
~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
~ "You can never go home again, Oatman, but I guess you can shop
there."
~                            --John Cusack - "Grosse Point Blank"
(1997)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/mTO4IR7qMdg1EfYRAmOvAJwIlv4Vr3sW7KeYgyAe5f5zEK8zOACgpsHx
KJXjdlsqjHDCPDDiew+lvpo=rPp2
-----END PGP SIGNATURE-----