[Samba] winbindd Invalid or wrong password W2K sec policy problem

[Robert Tillman]

While using winbind for weeks to auth users by domain I came across
two users, who despite everything I didn't could not authenticate to a samba
share. In the samba logs I could see winbind checking domain\user then
coming back with Invalid or wrong password.

I eventually tracked it down to security policies on both users boxes.
Under the local system policy entry "Send LM & NTLM - use NTLMv2 session
security if negotiated"
I found the setting to be "Send NTLMv2 response only".  Why O why couldn't
the message have been
"unable to establish authentication method" is beyond me but if you should
run into this problem after
applying a domain wide security policy this might be your answer.

Much thanks to the personages who create Samba!