Tim Jordan, Network Services
2003-Oct-13 23:15 UTC
[Samba] domain groups accessing samba share
Hey John,
I've been working on this most the day. Just can't seem to nail it down! (Yes sir I did read the "How To")
Winbind is working fine - I can:
wbinfo -g
wbinfo -u
getent passwd
getent group

Problem is when I try to use a domain group on a Samba share I get a username and password prompt; although, nothing seems to get me in!

Please advise

#Samba 3.0 running under Gentoo1.4
[global]
        workgroup = LABOR
        realm = LABOR.AK
        server string = Samba3 on ANC-Gentoo1.4
        security = ADS
        password server = passwordserver
        log file = /usr/local/samba/var/log.%m
        max log size = 50
        socket options = SO_RCVBUF=8192 SO_SNDBUF=8192
        os level = 0
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        wins server = win_server_ip
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /home/winnt/%D/%U
        template shell = /bin/bash

[Linux Software]
        comment = Open Source Software
        path = /home/tim/Linux Software
        valid users = @LABOR\domain admins
        write list = @LABOR\domain admins
        read only = No
On Mon, 13 Oct 2003, Tim Jordan, Network Services wrote:

> Hey John,
> I've been working on this most the day. Just can't seem to nail it
> down! (Yes sir I did read the "How To")
> Winbind is working fine - I can:
> wbinfo -g
> wbinfo -u
> getent passwd
> getent group
>
> Problem is when I try to use a domain group on a Samba share I get a
> username and password prompt; although, nothing seems to get me in!
>
> Please advise
>
> #Samba 3.0 running under Gentoo1.4
> [global]
> workgroup = LABOR
> realm = LABOR.AK
> server string = Samba3 on ANC-Gentoo1.4
> security = ADS
> password server = passwordserver
> log file = /usr/local/samba/var/log.%m
> max log size = 50
> socket options = SO_RCVBUF=8192 SO_SNDBUF=8192
> os level = 0
> preferred master = No
> local master = No
> domain master = No
> dns proxy = No
> wins server = win_server_ip
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template homedir = /home/winnt/%D/%U
> template shell = /bin/bash
>
> [Linux Software]
> comment = Open Source Software
> path = /home/tim/Linux Software
> valid users = @LABOR\domain admins

Make this:
        valid users = @LABOR\"domain admins"

> write list = @LABOR\domain admins

        write useres = @LABOR\"domain admins"

- John T.

> read only = No
>
>
>

--
John H Terpstra
Email: jht@samba.org
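
Added example, not part of either message and not Samba's own code: a simplified Python model of how a name list such as valid users is split into entries, showing why the unquoted group name with a space becomes two entries and the quoted form stays one. The function names, the KNOWN list and the sample share text are constructed for illustration, and the splitting rule (separators ignored inside double quotes) is an assumption modelled on the fix given in the reply.

```python
import re

# smb.conf parameters that take a list of user/group names.
LIST_PARAMS = {"valid users", "invalid users", "write list", "read list", "admin users"}

def split_name_list(value):
    """Simplified model: split on space, tab, comma or semicolon unless inside double quotes."""
    tokens, current, quoted = [], "", False
    for ch in value:
        if ch == '"':
            quoted = not quoted              # quotes group characters and are dropped
        elif ch in " \t,;" and not quoted:
            if current:
                tokens.append(current)
            current = ""
        else:
            current += ch
    if current:
        tokens.append(current)
    return tokens

def lint_smb_conf(text, known_names):
    """Return (section, parameter, token) for each list entry that names nothing known."""
    known = {n.lower() for n in known_names}
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        param, sep, value = line.partition("=")
        param = " ".join(param.lower().split())
        if line.startswith(("#", ";")) or not sep or param not in LIST_PARAMS:
            continue
        for token in split_name_list(value):
            if token.lstrip("@+&").lower() not in known:
                findings.append((section, param, token))
    return findings

# Constructed sample: the share from the message above, before and after the fix.
KNOWN = [r"LABOR\domain admins"]             # as `wbinfo -g` would list it (assumed)
BEFORE = r"""[Linux Software]
valid users = @LABOR\domain admins
write list = @LABOR\domain admins
"""
AFTER = r"""[Linux Software]
valid users = @LABOR\"domain admins"
write list = @LABOR\"domain admins"
"""

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_smb_conf(conf, KNOWN))
```

In the unquoted form the second token is read as a plain user name, so the list no longer refers to the intended group at all.
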
Hiya Tim,

Thanks for helping.

Can you post your
smb.conf
/etc/pam.d/login
wbinfo -g
wbinfo -u
getent passwd
getent group

Here we go:

# Global parameters
[global]
        workgroup = MYDOMAIN
        realm = MYNETWORK.ISP.CO.UK
        server string = Linux Samba Server
        security = ADS
        password server = bashful
        log level = 3
        log file = /var/log/samba/log.%m
        max log size = 100
        smb ports = 445
        announce as = NT Workstation
        name resolve order = host bcast
        wins server = 10.0.0.104
        client signing = Yes
        server signing = Yes
        client use spnego = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        os level = 10
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
#       winbind separator = +
        winbind cache time = 2
#       winbind use default domain = Yes
        comment = Redhat 7.1 Samba
        hosts allow = 127., 10.0.0.

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[Software]
        comment = Software Library
        path = /mnt/largeprimary/software
#       valid users = @MYNETWORK.ISP.CO.UK\"Domain Users"
#       Admin users = @MYNETWORK.ISP.CO.UK\gavdav

[root@potato /root]# more /etc/pam.d/login
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

wbinfo -u
[root@potato /root]# wbinfo -u
MYDOMAIN\gavdav
MYDOMAIN\Guest
MYDOMAIN\Administrator
MYDOMAIN\krbtgt
MYDOMAIN\SUPPORT_388945a0
MYDOMAIN\fbloggs
<snip>

wbinfo -g
[root@potato /root]# wbinfo -g
MYDOMAIN\Domain Computers
MYDOMAIN\Cert Publishers
MYDOMAIN\Domain Users
MYDOMAIN\Domain Guests
MYDOMAIN\RAS and IAS Servers
MYDOMAIN\Group Policy Creator Owners
MYDOMAIN\Schema Admins
MYDOMAIN\Enterprise Admins
MYDOMAIN\Domain Admins
MYDOMAIN\Domain Controllers
<snip>

[root@potato /root]# getent passwd
root:x:0:0:root:/root:/bin/bash
<snip>
xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false
gdm:x:42:42::/home/gdm:/bin/bash
gavdav:x:500:500:Gavin Davenport:/home/gavdav:/bin/bash
named:x:200:200:Nameserver:/var/named:/bin/false
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin

[root@potato /root]# getent group
root:x:0:root
<snip>
nobody:x:99:
users:x:100:gavdav
<snip>
xfs:x:43:
gdm:x:42:
gavdav:x:500:
vcsa:x:69:

getent and setent are listing local users and groups.

What do I need to change in /etc/pam.d/login to fix it?

Where should I be looking for help?

Thanks very much

Gavin Davenport