Restricting browsing by share w/security=domain

[balamw at att.net]

Hi all,

It's been a long time since I've had to post to the list 
(or eve read it) since Samba just plain works! I'm 
currently using 2.0.5a on a Sun Sparc10 running RedHat 
Linux 6.0 authenticating users off of our local NT P/BDC 
and have noticed something I had never noticed before:

Shares which are restricted only to a select group 
(using valid users) are showing up in other users browse 
lists (Network Neighborhood or smbclient -L) even though 
they have absolutely no rights to the directory. I 
realize this is also how NT works, but samba is usually 
not bound by such things. ;-)

Here are the relevant sections of smb.conf

[global]
        workgroup = STGROUP
        server string = Samba Server
        security = DOMAIN
        encrypt passwords = Yes
        password server = NT_STGROUP
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 
SO_SNDBUF=8192
        dns proxy = No 

[private]
        comment = Private area
        path = /mnt/local/private
        valid users = balamw fredf
        public = no

I also have a couple of other unrestricted public shares 
that work fine. I'd like private only to be browsable by 
myself and fredf, and I don't want other users to even 
be aware of its existence. However, if I set "browseable 
= no" I can't even see it, even though I can still 
explicitly map to it.

Thus, in a sense I'd like it to behave like [homes] 
where only I can see my home directory. I seem to recall 
that at one point it did work that way although I'm not 
sure if I was using "security=shares" 
or "security=server" at the time.

I don't know if this behavior is related to "security = 
domain", or if it might be related to the fact that most 
domain users do not have accounts on the unix box and 
thus get mapped to nobody.

Is there any way to achieve what I am trying to do?

Thanks,

Balam