[Samba] valid/invalid users problem

[stingray at zsgutova.cz]

Hello,

I have a weird problem with valid/invalid users settings in smb.conf 
file. It started when I migrated to another machine and started to use 
pam_mysql. I used samba's internal smbpasswd before. The smb.conf stayed 
almost the same. But I just don't understand how could pam_mysql cause this.
Without "valid users" in config, I can login with any account present in 
my DB and everything works fine. As soon as I list some users using 
"valid users", I can't login with any to the share. Moreover, "invalid 
users" seems to be ignored. Could it be, that first login check is made 
against my DB, but the valid user check is made against some other 
service where those users are not specified? If yes, how to fix this?

Failure is:
smbclient -U admin \\\\FreeBSD\\ALL

Domain=[SKUPINA] OS=[Unix] Server=[Samba 3.0.24]
tree connect failed: NT_STATUS_ACCESS_DENIED

Please, could you check my settings (see below) and maybe advice what 
might be wrong? I'm getting desperate after hours of testing :-/

Thanks in advance and have a nice day

Roman

---

Samba version: 3.0.24
OS: FreeBSD 6.2-STABLE
pam_mysql version: 0.6.2

---

part of smb.conf used for testing:
[global]
log level = 2
netbios name = FreeBSD
server string = "FreeBSD Server"
workgroup = SKUPINA
security = user
log file = /var/log/samba.log
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
encrypt passwords = no
update encrypted = no
wins support = yes
local master = yes
domain master = yes
preferred master = yes
os level = 50
create mask = 777
directory mask = 777
force create mode = 777
force directory mode = 777

[ALL]
path = /data/files
public = no
writeable = yes
valid users = admin

---

/etc/pam.d/samba:
auth     required    pam_mysql.so   user=root passwd=xxx 
passwdcolumn=password db=auth table=users usercolumn=username crypt=1
account  required    pam_mysql.so   user=root passwd=xxx 
passwdcolumn=password db=auth table=users usercolumn=username crypt=1
password required    pam_mysql.so   user=root passwd=xxx 
passwdcolumn=password db=auth table=users usercolumn=username crypt=1
session  required    pam_mysql.so   user=root passwd=xxx 
passwdcolumn=password db=auth table=users usercolumn=username crypt=1

---

samba.log (@ debug level 2):
[2007/05/13 00:58:37, 2] auth/auth.c:check_ntlm_password(309)
   check_ntlm_password:  authentication for user [admin] -> [admin] -> 
[admin] succeeded
[2007/05/13 00:58:37, 2] smbd/reply.c:reply_tcon_and_X(711)
   Serving IPC$ as a Dfs root
[2007/05/13 00:58:37, 2] smbd/service.c:make_connection_snum(580)
   user 'admin' (from session setup) not permitted to access this share 
(ALL)