[Samba] PAM.d files other general knowledge

[Pierce, Shawn D]

In the installation docs it says to edit the /etc/pam.d/* files. I took this
to mean only to edit the /etc/pam.d/samba file. I have noticed that people
have been editing the SAMBA file, /etc/pam.d/login and
/etc/pam.d/system-auth.

Here is my Samba file :
#%PAM-1.0
auth       sufficient   /lib/security/pam_winbind.so
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

It seems to work I can log into my Samba share with users from my DOMAIN and
Trusted domains but, not always right away. One account I must have tried a
100 times but it didn't work until I used the wbinfo -a USER%PASSWORD. Other
accounts worked the first time through.

I also have the /homes/winnt directory specified in the smb.conf file but
there are never any directories for users created in there. Do I need a
expanded [HOMES] section in my smb.conf? Or am I missing another parameter?

I believe I ave a rather basic smb.conf file as well are there things that
are critical that I would be missing from this file?

[global]
	winbind uid = 10000-20000
	encrypt passwords = yes
	template shell = /bin/bash
	socket options = TCP_NODELAY 
	template homedir = /home/winnt/%D/%U
	winbind cache time = 10
	max log size = 25
	password server = 172.31.1.38
	security = domain
	winbind separator = +
	winbind gid = 10000-20000
	log level = 4
	server string = AzSort Samba linux
	workgroup = mfg 
	netbios name = %h
	log file = /var/log/log.%m
	netbios aliases = %h

[homes]
   comment = Home Directories
   browseable = yes
   writable = yes

# Un-comment the following and create the netlogon directory for Domain
Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to 
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /usr/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files


[tmp]
	path = /tmp
	writable = yes

Thanks for all the help BTW reading the list got me through the install
today with only some minor frustration.

Shawn