samba - Oct 2003 - PAM-Winbind authentication working but can't use domain groups

I have successfully set up samba 3.0, PAM, Winbind and joined my samba
server to a windows 2000 domain.  I can log into my linux box as a domain
user and that all works fine.

I am having trouble trying to figure out how to set up access to a samba
share based on an Active Directory group.  Here is my smb.conf file:

[global]
winbind separator = `
idmap uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
workgroup = testsys
security = domain
password server = testdc
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = yes

[shared]
path = /svr/shared
valid users = +TESTSYS`Shared
writeable = yes
browseable = yes

Now in the shared section, I have tried the following for valid users:

valid users = @Shared
valid users = @TESTSYS+Shared    (with the seperator being a +)
valid users = +Shared (with seperator being a `)
valid users = +TESTSYS`Shared

All attempts to access the share failed.

The permissions on the directory are:

drwxr-xr-x    2 rwebb    Shared     4096 Oct 11 15:44 shared

When trying to access this share from the win2k server, it pops up the
"Connect As" box and does not let me proceed.

Any help would be greatly appreciated.
Rich