I haven't found here or Google whether syncing the smbpasswd file can be with /etc/shadow rather than /etc/passwd. Anyone know if the cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd command is required and will successfully create a Samba password file on a server using shadow passwords??

Just renewing the post since this is still an issue. Samba help seems to indicate that a smb.conf setting for

unix password sync = Yes

would keep user samba passwords in sync with their linux password (either passwd or shadow), but we are not experiencing this. I even went so far as to pwunconv, then cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd and back to pwconv, but the resultant smbpasswd file simply doesn't have valid passwords. All named users have records similar to the following after the mksmbpasswd shell is run:

corbins:536:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:

In this scenario, users can't even run smbpasswd themselves to change their own Samba password since it fails the initial 'current password' challenge and I have to make a change for them as root.

Any ideas?

Have you added a password script in the smb.conf for the sync'ing?
This is pretty basic and you can find much better examples with http://google.com/linux

passwd program = /usr/bin/passwd %u
passwd chat = *password* %n\n \
*password* %n\n \
*successful*

Also check the samba logs, the errors are usually printed there and have a tendency to really help out with samba problems ;)

This is how we have the smb.conf file setup:

[root@ssi04 rfxtest]# grep passw /etc/samba/smb.conf
encrypt passwords = Yes
min passwd length = 5
null passwords = No
smb passwd file = /etc/samba/smbpasswd
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*success fully*
passwd chat debug = No
password level = 0
unix password sync = Yes