Dotaz: Jak spravne nakonfigurovat moduly pam?

Ahoj,
mam problem s nastavenim prihlaseni pomoci modulu pam na FC6.
Pouzivam winbind pro autentizaci uzivatelu vuci w2k3 serveru a pam mount pro pripojeni jejich domovskeho adresare w2k3 file serveru.
Problem je ze pri soucasnem nastaveni po mne system sice pri prihlaseni vyzaduje heslo, ale muze byt jakekoliv. V domene mam treba vytvoreneho uzivatele s prihlasovacim jmenem tester a s heslem TesTeR. Kdyz se pokusim prihlasit na linuxovou stanici s timto uzivatelem a jakymkoliv heslem, tak se do systemu dostanu a jedine co nefunguje je namapovani domovskeho adresare.
Pritom kdyz autentizaci vyzkousim pomoci kinit nebo wbinfo -a vse funguje normalne.
Mohl by mi nekdo poradit jak upravit nastaveni pam, aby vse fungovalo tak jak ma?
Moje konfigurace:

auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth sufficient pam_mount.so use_first_pass debug
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_smb_auth.so use_first_pass nolocal
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_krb5.so

session required pam_mkhomedir.so skel=/etc/skel umask=0077
session optional pam_mount.so use_first_pass debug

Diky za radu.