Re: [389-users] PAM Pass Through- PAM succeeds but 389 fails?

It looks as though you're missing a part of your PAM configuration. The directory server log is indicating that the user failed the account management portion of things ("Error from PAM during pam_acct_mgmt"), and your PAM configuration doesn't appear to have any "account" modules listed in it. I'd suggest adding "account required pam_krb5.so" to the file, which would both provide some configuration (so that the default, which is to fail, isn't used) and let the module properly deny access when the user's password has expired.