--- source/lib/pam_errors.c	2004-12-28 10:04:50.406078880 +0530
+++ source-new/lib/pam_errors.c	2004-12-28 10:04:31.047021904 +0530
@@ -67,8 +67,10 @@ static const struct {
 	{NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR},
 	{NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR},
 	{NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED},
+	{NT_STATUS_ACCOUNT_DISABLED, PAM_ACCT_EXPIRED},
 	{NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED},
 	{NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD},
+	{NT_STATUS_PASSWORD_RESTRICTION, PAM_AUTHTOK_ERR},
 	{NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES},
 	{NT_STATUS_NO_MEMORY, PAM_BUF_ERR},
 	{NT_STATUS_OK, PAM_SUCCESS}
--- source/nsswitch/pam_winbind.c	2004-12-28 10:06:02.134174552 +0530
+++ source-new/nsswitch/pam_winbind.c	2004-12-28 10:05:47.173448928 +0530
@@ -156,7 +156,7 @@ static int pam_winbind_request_log(enum 
 		return retval;
 	case PAM_ACCT_EXPIRED:
 		/* account expired */
-		_pam_log(LOG_WARNING, "user `%s' account expired", user);
+		_pam_log(LOG_WARNING, "user `%s' account expired (or disabled)", user);
 		return retval;
 	case PAM_AUTHTOK_EXPIRED:
 		/* password expired */
@@ -175,6 +175,10 @@ static int pam_winbind_request_log(enum 
 			return PAM_IGNORE;
 		}	 
 		return retval;
+	case PAM_AUTHTOK_ERR:
+		/* Authentication token manipulation error */ 
+		_pam_log(LOG_WARNING, "user `%s' authentication token change failed (may be, password complexity rule is not met)", user);
+		return retval;
 	case PAM_SUCCESS:
 		if (req_type == WINBINDD_PAM_AUTH) {
 			/* Otherwise, the authentication looked good */