I was looking at the documentation at samba.org and it says the following:
require_membership_of=[SID or NAME]
If this option is set, pam_winbind will only succeed if the user is a
member of the given SID or NAME. A SID can be either a group-SID, an
alias-SID or even a user-SID. It is also possible to give a NAME instead
of the SID. That name must have the form: MYDOMAIN\mygroup or
MYDOMAIN\myuser. pam_winbind will, in that case, look up the SID
internally. Note that NAME may not contain any spaces. It is thus
recommended to only use SIDs. You can verify the list of SIDs a user is
a member of with wbinfo --user-sids=SID.
I want to only allow access to a certain group 'Domain Power Users', so
it seems I have to do the following:
a) wbinfo -name-to-sid="domain power users", which gives me the
group's SID
b) add the parameter 'require_membership_of=<SID>'
c) restart samba
I did this but it isn't working. Can somebody help me with this? What am
I doing wrong? BTW I'm using Samba 3.0.14 (Ubuntu)
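
An offline check of the rule quoted from the documentation and of steps a) and b), added here as an example; it is not part of the original post and not Samba code. The function names, the PAM line and all SIDs are constructed, and splitting module arguments on spaces and tabs is an assumption.

```shell
# Added example; every SID and the PAM line below are constructed placeholders.
SAMPLE_PAM_LINE='auth required pam_winbind.so require_membership_of=S-1-5-21-1111111111-2222222222-3333333333-1105'
SAMPLE_USER_SIDS='S-1-5-21-1111111111-2222222222-3333333333-1001
S-1-5-21-1111111111-2222222222-3333333333-513
S-1-5-21-1111111111-2222222222-3333333333-1105'

# Print the require_membership_of value found on one PAM line (empty if absent).
# Assumption: module arguments are separated by spaces or tabs.
membership_value() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' | sed -n 's/^require_membership_of=//p' | head -n 1
}

# Classify a value as sid, name (DOMAIN\name form), missing or invalid.
classify_value() {
    case "$1" in
        '')    echo missing ;;
        *' '*) echo invalid ;;   # the documentation: NAME may not contain spaces
        S-1-*) if printf '%s\n' "$1" | grep -Eq '^S-1-[0-9]+(-[0-9]+)+$'
               then echo sid; else echo invalid; fi ;;
        *\\*)  echo name ;;
        *)     echo invalid ;;
    esac
}

# Succeed only if SID $1 is a whole line of list $2
# (one SID per line, as printed by `wbinfo --user-sids=SID`).
sid_in_list() {
    printf '%s\n' "$2" | grep -Fxq -- "$1"
}

# Report what the membership rule on PAM line $1 means for SID list $2.
check_line() {
    value=$(membership_value "$1")
    kind=$(classify_value "$value")
    case "$kind" in
        sid)  if sid_in_list "$value" "$2"
              then echo "allow"; else echo "deny: $value not in the user's SID list"; fi ;;
        name) echo "name: resolve it to a SID first" ;;
        *)    echo "config error: require_membership_of is $kind" ;;
    esac
}

check_line "$SAMPLE_PAM_LINE" "$SAMPLE_USER_SIDS"
```

On a live system the second argument would be the saved output of wbinfo --user-sids=SID for the user being tested.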