samba - Dec 2003 - getting Samba 3.0.1 to use NIS UID's/GID's instead of its own

There are two NT domains, the resource domain (pretend it's RESDOM) and the
user domain (MASDOM) where RESDOM trusts MASDOM.  My Samber server (COOL) is
registered in the RESDOM domain.  I can do smbclient -L COOL -U MASDOM/myname
and it asks for a password and displays the shares correctly, even picking up
the NIS logon share.

The problems start, however, when I want to connect to the myname share - it
won't authenticate.  I have a share set up to /tmp and when I write to it,
instead of getting the NIS UID and GID, I get GID 10000 and UID MASDOM+myname.

I want it to pick up the NIS one and use it instead.

Here's some stuff from smb.conf

[global]
workgroup = RESDOM
security = DOMAIN
netbios name = COOL
name resolve order = lmhosts wins bcast
preferred master = false
local master = no
wins support = no
NIS homedir = yes
guest account = qguest
map archive = no
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
[tmp]
path = /tmp
create mask = 775
guest ok = yes

log.winbindd says (among other things):

MASDOM is a mixed (or NT4) mode domain
...
nsswitch/winbindd_pac.c:winbindd_pam_auth_crap(275)
pam auth crap domain: MASDOM user: myname
...
getpwname masdom+myname
name_to_sid name=myname
name_to_sid [rpc] myname for domain MASDOM
...

log.192.168.1.3 says (among other things)

'/usr/users/MASDOM+myname' does not exist or is not a directory, when
connecting to [myname]

connect to service tmp initially as user MASDOM+myname (uid=10000, gid=10000)
(pid 7222)

/usr/local/samba/bin/testparm complains:

'winbind separator = +' might cause problems with group membership

I got that configuration string from Samba documentation.