I am using winbind to authenticate services against and active
directory. Pam configuration file looks like this:

auth required pam_winbind.so
account required pam_winbind.so

Everything works great for other services but I only want the auth to
be successful if the user belongs to a certain domain group for this
service (ie domain admin)

Can I pass this in an argument in the pam file like this:
auth required pam_winbind.so group=DOMAIN+Group

What are the module arguments that I can use with winbind (or is there
another way to do this)

Thanks

Nathan