Segue abaixo o conteúdo dos arquivos:
@common-account:
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
account sufficient pam_winbind.so
account required pam_unix.so
@common-auht:
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth requisite pam_unix.so nullok_secure
auth sufficient pam_winbind.so
auth optional pam_smbpass.so migrate missingok
@common-pammount:
# Include this file in every /etc/pam.d/SERVICE you use for login:
# [...]
# @include common-auth
# @include common-session
# [...]
# # added for libpam-mount
# @include common-pammount
#
# Make sure that the common-auth and common-session includes are
# above the common-pammount include (just as in the example above).
# replace "optional" with "required" if a user must mount the specified
# volumes, for example the home directory
# make sure that there is no PAM module loaded with a "sufficient"
# priority before these entries, else the pam_mount module is not
# executed
# for configuration details about different login programs see
# /usr/share/doc/libpam-mount/README.Debian.gz
auth optional pam_mount.so try_first_pass
session optional pam_mount.so try_first_pass
@common-#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix.
# Explanation of pam_unix options:
#
# The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
# The "md5" option enables MD5 passwords. Without this option, the
# default is Unix crypt.
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# You can also use the "min" option to enforce the length of the new
# password.
#
# See the pam_unix manpage for other options.
password requisite pam_unix.so nullok obscure md5
# Alternate strength checking for password. Note that this
# requires the libpam-cracklib package to be installed.
# You will need to comment out the password line above and
# uncomment the next two in order to use this.
# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
#
# password required pam_cracklib.so retry=3 minlen=6 difok=3
# password required pam_unix.so use_authtok nullok md5
password sufficient pam_winbind.so use_first_pass use_authtok md5
# minimally-intrusive inclusion of smbpass in the stack for
# synchronization. If the module is absent or the passwords don't
# match, this module will be ignored without prompting; and if the
# passwords do match, the NTLM hash for the user will be updated
# automatically.
password optional pam_smbpass.so nullok use_authtok
@common-session:
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive). The default is pam_unix.
#
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022
@coommon-winbind:
account required pam_winbind.so
auth required pam_winbind.so
session required pam_winbind.so
O que pode estar errado ?