I see this in the winbind documentation We divide the unified logon problem for UNIX machines into three smaller problems: 1. Obtaining Windows NT user and group information 2. Authenticating Windows NT users 3. Password changing for Windows NT users The winbind system provides a simple and elegant solution to all three components of the unified logon problem. First two things are explained. I have got them to work fine and dandy. The problem is the third, for which I hardly find any bits of information googling the net. So, I have a w2kAD user that's logged in a linux station. How does he change his password. I tried this: /etc/pam.d/passwd #%PAM-1.0 auth sufficient pam_winbind.so auth required pam_unix2.so nullok use_first_pass account sufficient pam_winbind.so account required pam_unix2.so password sufficient pam_winbind.so password required pam_pwcheck.so nullok password required pam_unix2.so nullok use_first_pass use_authtok #password required pam_make.so /var/yp session required pam_unix2.so Also, I have added password sufficient pam_winbind.so in /etc/pam.d/login and /etc/pam.d/xdm I'm not sure that all of the above is ok, in fact I'm sure it's not ok. If I type "passwd" as user, it says "Unknown user".