may be the following helps: instead of editing /etc/pam.d/login, change only /etc/pam.d/system-auth. there are othersmall changes that you need to do in the indivisual files too. here are mine:
/etc/pam.d/system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_winbind.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass auth required /lib/security/$ISA/pam_deny.so account sufficient /lib/security/$ISA/pam_unix.so account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_winbind.so account sufficient /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_winbind.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session sufficient /lib/security/$ISA/pam_unix.so session sufficient /lib/security/$ISA/pam_winbind.so /etc/pam.d/sshd: #%PAM-1.0 auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel umask=0022 /etc/pam.d/login: #%PAM-1.0 auth required pam_securetty.so auth sufficient pam_stack.so service=system-auth auth required pam_nologin.so account sufficient pam_stack.so service=system-auth password required pam_stack.so service=system-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_stack.so service=system-auth session optional pam_console.so # pam_selinux.so open should be the last session rule session required pam_selinux.so multiple open > > Contents of /etc/pam.d/login: > > #%PAM-1.0 > auth required pam_securetty.so > auth sufficient pam_winbind.so > auth sufficient pam_unix.so use_first_pass > auth required pam_stack.so service=system-auth > auth required pam_nologin.so > account sufficient pam_winbind.so > account required pam_stack.so service=system-auth > password required pam_stack.so service=system-auth > # pam_selinux.so close should be the first session rule > session required pam_selinux.so close > session required pam_stack.so service=system-auth > session optional pam_console.so > # pam_selinux.so open should be the last session rule > session required pam_selinux.so multiple open > smb.conf is another place for errors. but will post that if this does not help. Cheers! Akshay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba