Версия Linux-PAM-1.0.3.

diff -ru Linux-PAM.orig/modules/pam_group/pam_group.c Linux-PAM/modules/pam_group/pam_group.c
--- Linux-PAM.orig/modules/pam_group/pam_group.c    2009-05-14 12:52:23.000000000 +0400
+++ Linux-PAM/modules/pam_group/pam_group.c    2009-05-14 12:53:55.000000000 +0400
@@ -657,9 +657,12 @@
                "%s: no user entry #%d", PAM_GROUP_CONF, count);
         continue;
     }
+    /* If buffer starts with %, we are using unix groups */
+    if (buffer[1] == '%')
+      good &= pam_modutil_user_in_group_nam_nam (pamh, user, &buffer[2]);
     /* If buffer starts with @, we are using netgroups */
-    if (buffer[0] == '@')
-      good &= innetgr (&buffer[1], NULL, user, NULL);
+    else if (buffer[1] == '@')
+      good &= innetgr (&buffer[2], NULL, user, NULL);
     else
       good &= logic_field(pamh,user, buffer, count, is_same);
     D(("with user: %s", good ? "passes":"fails" ));

После этого в файле /etc/security/group.conf можно использовать следующую запись:

*; *; %users; Al0000-2400; disk, floppy, audio, cdrom, dialout, video, games, cdrw, usb, plugdev