You probably don&#39;t have the slapd ACLs configured so clients can read the necessary shadow fields... particularly those governing password age (e.g., shadowLastChange, shadowMax).<br><br><div class="gmail_quote">On Tue, Jul 28, 2009 at 5:52 AM,  <span dir="ltr">&lt;<a href="mailto:mlb@imparisystems.com">mlb@imparisystems.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">I&#39;ve got openLDAP running and installed the pam and nss libraries so it<br>
would also control the Linux passwords. I&#39;m trying to sign onto my server<br>
using ssh - but once I enter my username and password, I get<br>
<br>
WARNING: Your password has expired.<br>
You must change your password now and login again!<br>
Enter login(LDAP) password:<br>
<br>
Now being a bad security person, I always use the exact same username /<br>
password combination and they don&#39;t work.<br>
<br>
If a use either nothing (just hit Enter) or if I put in the standard<br>
password I get<br>
<br>
passwd: Authentication information cannot be recovered<br>
passwd: password unchanged<br>
Connection to ubuntu closed.<br>
<br>
If I enter in some nonsensical string I get<br>
<br>
LDAP Password incorrect: try again<br>
Enter login(LDAP) password:<br>
<br>
<br>
However, that is the only root level user on the machine and I have TONS of<br>
stuff on it. How do I fix? Is this an openLDAP issue or something else?<br>
<br>
Thanks<br>
<br>
</blockquote></div><br>