Swat uses PAM but changes linux passwd not samba passwd
Have standalone server with swat to change passwds.
relevant smb.conf lines.
Pam restrictions = yes
Use pam for passwd change = yes
encrypted passwords = yes
sync linux passwd = yes (along with a line on passwd chat etc)
Samba does not use PAM when "encrypted passwords = yes" but SWAT does. Problem is that swat changes the linux passwd and not the samba one. Clearly PAM does not know to look to tdbsam for the passwd backend. So users can log into their home directory on the smb passwd but if they change psswd wih swot then they have to use their new passwd for swat and old passwd to get into their fies
So how do you tell it.
On other distros there is a pam_smbpass.so to tell pam where to find the passwds but in the ubuntu distribution there is not.