Authenticate against AD: Access denied when "User must change password at next logon" is set

[D G Teed]

Is there a reason winbind and a little krb5 client config
(without using full kerberos) doesn't fit your needs?
That is how we pam authenticate to AD.  I'm not sure
about the force password change, but I did have the
passwd command on Linux set up the password on AD
when winbind was in /etc/nsswitch.conf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20110727/4e389338/attachment.htm>