[Samba] security = ads --> invalide user

[Urs Golla]

Hello

I try to run SAMBA with security = ads on AIX 5.3 with SAMBA 3.0.23d.
"net ads join" was successful and the machine is now visible in the Domain
with the netbios name.

When I try to access the shares on the machine the log.smbd files says:

(...)
[2007/05/10 08:58:16, 1] smbd/sesssetup.c:reply_spnego_kerberos(310)
  Username MYDOMAIN/MYUSERNAME is invalid on this system
[2007/05/10 08:58:16, 3] smbd/error.c:error_packet(146)
  error packet at smbd/sesssetup.c(315) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
(...)


******************************************************
smb.conf:

[global]
winbind separator = /
netbios name = MYNETBIOSNAME
winbind enum users = yes
workgroup = MYDOMAIN
winbind enum groups = yes
#password server = *
password server = MYPASSWORDSERVER
encrypt passwords = yes
dns proxy = no
realm = MYREALM
security = ADS
wins proxy = no
winbind use default domain = Yes
client use spnego = yes
#idmap uid = 10000-20000
#winbind gid = 10000-20000
preferred master = no
log level = 3
wins server = x.x.x.x
#auth methods = guest sam winbind
#idmap uid = 10000-20000
idmap gid = 10000-20000


[testsamba]
     comment = Samba testfolder
     path = /testsamba
     read only = no
     valid users = MYDOMAIN/USERNAME

******************************************************

I also maped the domain groups with "net groupmap"

# ./net groupmap list
Domain Users (S-1-5-21-3687956107-1621720357-3427760348-513) -> domainusers
Domain Guests (S-1-5-21-3687956107-1621720357-3427760348-997) -> nobody
Administrators (S-1-5-32-544) -> 5000
mygroup (S-1-5-21-3687956107-1621720357-3427760348-14001) -> mygroup
Users (S-1-5-32-545) -> 5001

--> MYDOMAIN/USERNAME is a member of MYDOMAIN/mygroup
****************************************************************

Why does it say "invalide user"? I think I should also be able to browse the
shares without a valid user...

any help is much appreciated!!!

Regards
Urs