You are trying to use "security = domain" features for a server with "security = share". Share level security is obsolete Win 95 technology that is hardly covered in the "Samba 3 HOWTO & Reference Guide". The script entries are what would be run if a user on a client changed his password in a Windows Domain, and the Samba server was the domain controller.
You could instead use "security = user" and configure public shares for guest read/writable shares and user shares for the private ones. You could also create a Linux user on the server with the name of the share and add a Linux password and samba password. That would allow giving the username and password to certain people. You will need to run both "passwd" and "smbpasswd" to set the password. I think that you can change the samba password later (or use a different password) without changing the user password. I did test this, running "smbpasswd" on my laptop to change the samba password on my desktop. Then I was able to get at my shares using the new password.
You can run "smbpasswd -u <username> -r <remote-machine>" to change the samba password remotely.
I have never used "security = share" on a Samba server. I don't even know if a user name is prompted for. The "Samba 3 HOWTO and Reference Guide" says that the Samba server isn't given the username, and each possible user name is tried. Maybe using "smbpasswd -u <user> -r <remote-machine>" would be enough if the password (hash) matches that of any user in smbpasswd.
---
I just installed Fedora 9 on my old Laptop. I have been using SuSE exclusively. Running samba swat (
http://localhost:901), I see that is uses /var/lib/samba/private/smbpasswd instead of /etc/samba/smbpasswd.
-----
One small thing that I noticed later on, is that the "Password Program" entry in smb.conf is for the Unix password program rather than the Samba password program. So it should be "/usr/bin/passwd %u" instead of using smbpasswd.