I have been trying to set up a linux workstation (local dist. "UHU") to authenticate from a (Samba) NT Domain when I login. I've gone through several tutorials and how-tos (which tend to vary a lot) and I am still not able to log in. The only clue Ive found in the logs is in the sys.log I get:

jan 1 00:50:02 localhost gdm[1366]: gdm_slave_session_start: User not allowed to log in

Ive joined the workstation to the domain
wbinfo -u
wbinfo -g
getent passwd
getent group
all work

Here is my smb.conf:
[global]
dns proxy = No
domain master = No
encrypt passwords = Yes
guest account = nobody
guest ok = No
interfaces = lo, eth*
invalid users = root
log level = 2
map to guest = Bad Password
max log size = 10000
name resolve order = lmhosts host wins bcast
os level = 255
preferred master = No
printing = cups
server string = bagoly
socket options = IPTOS_LOWDELAY TCP_NODELAY
syslog = 0
password server = *
winbind enum groups = yes
winbind gid = 10000-20000
winbind enum users = yes
winbind uid = 10000-20000
winbind use default domain = yes
winbind separator = \
obey pam restrictions = No
security = domain
workgroup = MYDOMAIN

Here is my PAM login:
#%PAM-1.0

auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass nullok shadow

account required /lib/security/pam_winbind.so

password required /lib/security/pam_cracklib.so retry=3
password required /lib/security/pam_unix.so nullok use_authtok md5 shadow

session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required /lib/security/pam_env.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_utmp.so
session optional /lib/security/pam_lastlog.so never
session optional /lib/security/pam_motd.so
session optional /lib/security/pam_mail.so quiet

Here is my PAM gdm:
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_stack.so service=system-auth
session optional pam_console.so

Here is my nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind

hosts: files nisplus nis dns

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files
aliases: files

Any suggestions? Thanx.

It's just an idea, but I would try to put the winbind entrys in your pam configuration files at the beginning of the file. Perhaps the login fails because you have an "required" entry at first.