We used security = server to authenticate with an Active Directory server:
security = server
password server = NAME_OF_AD_SERVER
workgroup = DOMAIN_NAME_OF_AD
and we left the smbpasswd file empty.
With 3.0.25a, listing individual user names in parameters such as 'valid users' and 'printer admin' was no longer effective, but specifying UNIX groups using the '+group' or '@group' syntax still worked.
After a few trials, we found that when we added the user names in the smbpasswd file, listing them in 'valid users' and 'printer admin' parameters worked again.
That behavior you experience is almost exactly the same as in bug 4678, but I doubt if the fix proposed in that bug will cover this bug...
Maybe Jeremy will be able to cover both bugs with a single patch
Created attachment 2766 [details]
This patch should fix bug #4678 and not cause any backwards compatibility problems in environments with plaintext passwords and no backend SAM. Let me know - in testing this I discovered some minor memory leaks in our auth subsystem but I'll fix these for 3.0.26, too dangerous for 3.0.25b. I think this is safe though.