diff --git a/pam_winbind.conf b/pam_winbind.conf
new file mode 100644
index 0000000..be0767b
--- /dev/null
+++ b/pam_winbind.conf
@@ -0,0 +1,26 @@
+#
+# pam_winbind configuration file
+#
+# /etc/security/pam_winbind.conf
+#
+
+[global]
+
+# turn on debugging
+;debug = yes
+
+# request a cached login if possible
+# (needs "winbind offline logon = yes" in smb.conf)
+;cached_login = yes
+
+# authenticate using kerberos
+;krb5_auth = yes
+
+# when using kerberos, request a "FILE" krb5 credential cache type
+# (leave empty to just do krb5 authentication but not have a ticket
+# afterwards)
+;krb5_ccache_type = FILE
+
+# make successful authentication dependend on membership of one SID
+# (can also take a name)
+;require_membership_of =
diff --git a/samba-3.0.25rc1-inotifiy.patch b/samba-3.0.25rc1-inotifiy.patch
new file mode 100644
index 0000000..f5a6ebb
--- /dev/null
+++ b/samba-3.0.25rc1-inotifiy.patch
@@ -0,0 +1,50 @@
+=== modified file 'source/smbd/notify_inotify.c'
+--- source/smbd/notify_inotify.c 2007-03-09 12:07:58 +0000
++++ source/smbd/notify_inotify.c 2007-04-10 16:27:47 +0000
+@@ -66,6 +66,7 @@
+ struct sys_notify_context *ctx;
+ int fd;
+ struct inotify_watch_context *watches;
++ BOOL broken_inotify; /* Late stop for broken SELinux policy */
+ };
+
+ struct inotify_watch_context {
+@@ -229,8 +230,16 @@
+ filenames, and thus can't know how much to allocate
+ otherwise
+ */
+- if (ioctl(in->fd, FIONREAD, &bufsize) != 0 ||
+- bufsize == 0) {
++
++ if ((ioctl(in->fd, FIONREAD, &bufsize) != 0) && (errno == EACCES)) {
++ /*
++ * Workaround for broken SELinux policies on Fedora
++ */
++ TALLOC_FREE(fde);
++ in->broken_inotify = True;
++ return;
++ }
++ if (bufsize == 0) {
+ DEBUG(0,("No data on inotify fd?!\n"));
+ return;
+ }
+@@ -281,6 +290,7 @@
+ }
+ in->ctx = ctx;
+ in->watches = NULL;
++ in->broken_inotify = False;
+
+ ctx->private_data = in;
+ talloc_set_destructor(in, inotify_destructor);
+@@ -375,6 +385,10 @@
+
+ in = talloc_get_type(ctx->private_data, struct inotify_private);
+
++ if (in->broken_inotify) {
++ return NT_STATUS_OK;
++ }
++
+ mask = inotify_map(e);
+ if (mask == 0) {
+ /* this filter can't be handled by inotify */
+
diff --git a/samba.spec b/samba.spec
index 2939733..0f8c02b 100644
--- a/samba.spec
+++ b/samba.spec
@@ -4,7 +4,7 @@ Summary: The Samba Suite of programs
 Name: samba
 Epoch: 0
 Version: 3.0.25
-Release: 0.1.rc1%{?dist}
+Release: 0.7.rc1%{?dist}
 License: GPL
 Group: System Environment/Daemons
 URL: http://www.samba.org/
@@ -24,6 +24,7 @@ Source7: smbprint Source8: winbind.init Source9: smb.conf.default Source10: nmb.init +Source11: pam_winbind.conf # Don't depend on Net::LDAP Source999: filter-requires-samba.sh
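Review bot: In the `@@ -229,8 +230,16 @@` hunk of the embedded notify_inotify.c patch, an `ioctl(FIONREAD)` failure with any errno other than EACCES is no longer handled: the old code returned on every failure, while the new code falls through to `if (bufsize == 0)` and, unless `bufsize` is initialised to 0 outside the hunk, carries on with an indeterminate size. The ioctl result should be tested on its own and return on every failure, with the EACCES workaround nested inside that test. The workaround branch should also log when it fires, because once `broken_inotify` is set the `@@ -375,6 +385,10 @@` hunk returns NT_STATUS_OK without adding a watch, so notifications through this backend stop silently and the underlying SELinux denial stays hidden. Both functions start and end outside their hunks.

```c
	if (ioctl(in->fd, FIONREAD, &bufsize) != 0) {
		if (errno == EACCES) {
			/*
			 * Workaround for broken SELinux policies on Fedora
			 */
			DEBUG(0,("inotify FIONREAD denied (EACCES), disabling inotify\n"));
			TALLOC_FREE(fde);
			in->broken_inotify = True;
		}
		return;
	}
	if (bufsize == 0) {
	/* … unchanged: DEBUG "No data on inotify fd?!" and return … */
```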
@@ -46,6 +47,10 @@ Patch110: samba-3.0.21pre1-smbspool.patch Patch111: samba-3.0.13-smbclient.patch #Patch112: samba-3.0.15pre2-bug106483.patch #Patch113: samba-3.0.21-warnings.patch +Patch200: samba-3.0.25rc1-inotifiy.patch +Patch201: samba-3-0-25rc1-bugday-apr10.patch +Patch202: samba3_idmap_loop.patch + Requires(pre): samba-common = %{epoch}:%{version}-%{release} Requires: pam >= 0:0.64 %{auth} @@ -149,6 +154,7 @@ cp %{SOURCE7} packaging/Fedora/ cp %{SOURCE8} packaging/Fedora/winbind.init cp %{SOURCE9} packaging/Fedora/ cp %{SOURCE10} packaging/Fedora/ +cp %{SOURCE11} packaging/Fedora/ # Upstream patches #(none) @@ -165,6 +171,9 @@ cp %{SOURCE10} packaging/Fedora/ %patch111 -p1 -b .smbclient #%patch112 -p1 -b .bug106483 #%patch113 -p1 -b .warnings +%patch200 -p0 -b .inotify +%patch201 -p0 -b .bugday +%patch202 -p0 -b .idmap_loop # crap rm -f examples/VFS/.cvsignore @@ -206,6 +215,7 @@ CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -DLDAP_DEPRECATED" %configure \ --with-logfilebase=/var/log/samba \ --with-libdir=%{_libdir}/samba \ --with-configdir=%{_sysconfdir}/samba \ + --with-pammodulesdir=%{_sysconfdir}/security \ --with-swatdir=%{_datadir}/swat \ --with-shared-modules=idmap_ad,idmap_rid \ @@ -233,7 +243,7 @@ rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT/sbin mkdir -p $RPM_BUILD_ROOT/usr/{sbin,bin} mkdir -p $RPM_BUILD_ROOT/%{_initrddir} -mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/{pam.d,logrotate.d} +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/{pam.d,logrotate.d,security} mkdir -p $RPM_BUILD_ROOT/var/{log,spool}/samba mkdir -p $RPM_BUILD_ROOT/var/lib/samba mkdir -p $RPM_BUILD_ROOT/var/lib/samba/private 
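Review bot: In the `%configure` hunk (`@@ -206,6 +215,7 @@`), `--with-pammodulesdir=%{_sysconfdir}/security` reads like the install directory for the PAM module objects, not the location of pam_winbind.conf, so it may direct module installation into /etc/security. If the intent is only to ship the new config file there, the `mkdir` and `install` lines in the later hunks already do that. Confirm against Samba's configure help and, if so, point the option at the PAM module directory (for example `--with-pammodulesdir=/%{_lib}/security`) or drop it. The `%configure` invocation continues outside the hunk.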
@@ -271,6 +281,7 @@ install -m755 packaging/Fedora/smbprint $RPM_BUILD_ROOT%{_bindir} install -m755 packaging/Fedora/smb.init $RPM_BUILD_ROOT%{_initrddir}/smb install -m755 packaging/Fedora/nmb.init $RPM_BUILD_ROOT%{_initrddir}/nmb install -m755 packaging/Fedora/winbind.init $RPM_BUILD_ROOT%{_initrddir}/winbind +install -m644 packaging/Fedora/pam_winbind.conf $RPM_BUILD_ROOT%{_sysconfdir}/security #ln -s ../..%{_initrddir}/smb $RPM_BUILD_ROOT%{_sbindir}/samba install -m644 packaging/Fedora/samba.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/samba install -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/samba
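Review bot: pam_winbind.conf is installed under `%{_sysconfdir}/security` here, but no matching `%files` change is visible in this diff. Because the file carries login policy such as `require_membership_of`, it should be packaged as `%config(noreplace) %{_sysconfdir}/security/pam_winbind.conf`, so that a package update does not replace an administrator's restriction with the all-commented default. The `%files` section is outside the visible hunks, so this may already be covered.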