I just found a little wrinkle that worked for me:
1. Add a Linux user.
2. Edit smb.conf and add to the global section
lanman auth = yes
client lanman auth =yes
3.Use pdbedit -a <username> to create a Samba user in your password backend.
(If the user already exists, then first delete the user with pdbedit -x <username>)
It seems that LM hashes are not generated in the password backend if the lanman authorisation is not set in smb.conf.