Hello, I currently have samba configured with winbind so that I can login using NT authentication with my domain controller. Winbind is working perfectly with the domain, I have /etc/pam.d/login configured perfectly and I can login through the console.etc.. However, when I try to use passwd, it doesn't prompt for a new password, it does this: bash-2.05b$ passwd Changing password for user ELSHAIR. passwd: Authentication token manipulation error bash-2.05b$ Here is my system auth-file: # cat system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass auth required /lib/security/pam_deny.so account sufficient /lib/secutiry/pam_winbind.so account required /lib/security/pam_unix.so password required /lib/security/pam_cracklib.so retry=3 password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/pam_deny.so session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so[ My /etc/pam.d/passwd file is as follows: bash-2.05b$ cat /etc/pam.d/passwd #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth What exactly do I need to change in passwd or system-auth so that a domain user can change his or her password in linux and for it to update the password in the domain controller. Please reply with an example of how the entire file should be like. It tends to be a bit confusing when someone says "the auth line should be so and so" because there are so many auth lines. Also, I am having problems getting domain users to login through ssh, my /etc/pam.d/sshd file is this: #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_limits.so session optional /lib/security/pam_console.so I have tried using the same configuration of /etc/pam.d/login (which works for console login and telnet) but it doesn't seem to work with ssh. /var/log/messages doesn't show any login attempts what so ever when I use the aits+domainUser as login. But obviously when I use a normal user, it does display the login attempt in the log. If anyone knows how to configure the /etc/pam.d/sshd to work with domain logins, I would appreciate that too. Please include an example of the whole file. Thanks, Ferras Elshair -------------- next part -------------- HTML attachment scrubbed and removed