I'm trying to get users to be able to change their Active Directory Password from Linux when they login. When a user forgets his/her password, I reset and set it so that they have to change it next time they login. They are able to do it in Windows, but not under Linux. A window pops up telling them that they have to change their password now, but they don't get a little window where they can change it... /etc/pam.d/gdm #%PAM-1.0 auth required pam_env.so auth required pam_nologin.so auth include system-auth account include system-auth password include system-auth session optional pam_console.so session include system-auth /etc/pam.d/system-auth #%PAM-1.0 auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so account sufficient pam_unix.so account sufficient pam_winbind.so use_first_pass account required pam_deny.so password sufficient pam_winbind.so password required pam_cracklib.so retry=3 minlen=4 dcredit=0 ucredit=0 password sufficient pam_unix.so nullok use_authtok md5 shadow password required pam_deny.so session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022 session optional pam_keyinit.so revoke session required pam_limits.so session required pam_unix.so /etc/pam.d/system-auth-winbind #%PAM-1.0 auth required pam_env.so auth sufficient pam_winbind.so auth sufficient pam_unix.so likeauth nullok use_first_pass auth required pam_deny.so account sufficient pam_winbind.so account required pam_unix.so password sufficient pam_winbind.so password required pam_cracklib.so retry=3 password sufficient pam_unix.so nullok use_authtok md5 shadow password required pam_deny.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_limits.so session required pam_unix.so /etc/pam.d/common-account account sufficient pam_winbind.so account required pam_unix.so /etc/pam.d/common-auth auth sufficient pam_winbind.so auth sufficient pam_unix.so nullok_secure use_first_pass auth required pam_deny.so /etc/pam.d/common-session session required pam_unix.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel /etc/pam.d/passwd #%PAM-1.0 auth include system-auth account include system-auth password include system-auth /etc/pam.d/samba #%PAM-1.0 auth include system-auth account required pam_nologin.so account include system-auth session include system-auth
Turned out to be a local pam.d configuration issue (as communicated on IRC) and not a samba bug. Thanks for the report anyway.