Is this what you need?

$ cd /etc/pam.d
$ cat common-auth common-session-noninteractive common-session common-password common-account | grep -v "^#"
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so

session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_unix.so
session optional pam_winbind.so

session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0027
session required pam_unix.so
session optional pam_winbind.so
session optional pam_ck_connector.so nox11

password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass
password requisite pam_deny.so
password required pam_permit.so
password optional pam_gnome_keyring.so

account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so
account requisite pam_deny.so
account required pam_permit.so

Here is the smb.conf, with comments removed and <shortDOMAINname>, <MACHINEX>, <DOMAIN> substituted in where appropriate.

[global]
workgroup = <shortDOMAINname>
security = ADS
password server = <MACHINE1>.<DOMAIN>.com, <MACHINE2>.<DOMAIN>.com
realm = <DOMAIN>.COM
server string = %h server (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
idmap backend = idmap_rid:<DOMAIN>=50-9999999999
idmap uid = 50-9999999999
idmap gid = 50-9999999999
allow trusted domains = no
winbind offline logon = true
template shell = /bin/bash
template homedir = /home/%D/%U
winbind normalize names = yes
winbind use default domain = yes
usershare allow guests = yes

-- 
passwd : gives "Authentication token manipulation error"
https://bugs.launchpad.net/bugs/570944