samba - Dec 2003 - Accessin Samba Share from NT 4 Client security = domain

Hi group,

I´m trying to access a share on a samba 3.0.0.2 Server

winbind works,
wbinfo -g, wbinfo -u, getent passwd, getent group show nt users and nt
groups

user domain+tester is member in group domain+EDV

tail -f /var/samba/log.winbind
...
[2003/12/05 14:12:36, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(112)
  [12808]: getpwnam domain+tester
[2003/12/05 14:12:36, 3] nsswitch/winbindd_rpc.c:name_to_sid(272)
  rpc: name_to_sid name=tester
[2003/12/05 14:12:36, 3] nsswitch/winbindd_rpc.c:name_to_sid(281)
  name_to_sid [rpc] tester for domain domain
[2003/12/05 14:12:36, 5] nsswitch/winbindd.c:winbind_client_read(462)
  read failed on sock 20, pid 12808: EOF


tail -f /var/log/samba/log.computername
....
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
domain+tester

ls -aln shows this,

rrdebian01:/var/freigaben# ls -aln
total 20
drwxr-xr-x    5 0        0            4096 Dec  5 10:34 .
drwxr-xr-x   17 0        0            4096 Oct 16 16:44 ..
drwxr-xr-x    2 15098    15021        4096 Dec  5 10:40 edv


getent group |grep edv
DOMAIN+EDV:x:15021:DOMAIN+tester,DOMAIN+XYZ


getent üasswd | grep tester

DOMAIN+tester:x:15098:15000::/home/DOMAIN/tester:/bin/false

Share Definition from smb.conf

[EDV]
comment = Testfreigabe NT Rechte unter Linux
path = /var/freigaben/edv
writeable = yes
public = no
valid users = @DOMAIN+edv

Winbind Def in smb.conf

log level = 1 passdb:1 auth:1 winbind:5
winbind separator =+
winbind uid = 15000-20000
winbind gid = 15000-26500
winbind cache time = 10
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/false

  security = domain
   encrypt passwords = true
   passdb backend = tdbsam guest

   obey pam restrictions = yes
;   guest account = nobody
   invalid users = root


Now why is User DOMAIN+tester not able to access the share ?

Thanks

Georg