4:52 a.m.
I've got openLDAP running and installed the pam and nss libraries so it
would also control the Linux passwords. I'm trying to sign onto my server
using ssh - but once I enter my username and password, I get
WARNING: Your password has expired.
You must change your password now and login again!
Enter login(LDAP) password:
Now being a bad security person, I always use the exact same username /
password combination and they don't work.
If a use either nothing (just hit Enter) or if I put in the standard
password I get
passwd: Authentication information cannot be recovered
passwd: password unchanged
Connection to ubuntu closed.
If I enter in some nonsensical string I get
LDAP Password incorrect: try again
Enter login(LDAP) password:
However, that is the only root level user on the machine and I have TONS of
stuff on it. How do I fix? Is this an openLDAP issue or something else?
Thanks
6:21 a.m.
You probably don't have the slapd ACLs configured so clients can read the
necessary shadow fields... particularly those governing password age (e.g.,
shadowLastChange, shadowMax).
On Tue, Jul 28, 2009 at 5:52 AM, <mlb(a)imparisystems.com> wrote:
I've got openLDAP running and installed the pam and nss libraries
so it
would also control the Linux passwords. I'm trying to sign onto my server
using ssh - but once I enter my username and password, I get
WARNING: Your password has expired.
You must change your password now and login again!
Enter login(LDAP) password:
Now being a bad security person, I always use the exact same username /
password combination and they don't work.
If a use either nothing (just hit Enter) or if I put in the standard
password I get
passwd: Authentication information cannot be recovered
passwd: password unchanged
Connection to ubuntu closed.
If I enter in some nonsensical string I get
LDAP Password incorrect: try again
Enter login(LDAP) password:
However, that is the only root level user on the machine and I have TONS of
stuff on it. How do I fix? Is this an openLDAP issue or something else?
Thanks
11:44 a.m.
Thanks Matt -
With your hint, I was able to start digging around and found out that
the problem was with pam - I ended up going
into /etc/pam.d/common-password and change
password sufficient pam_ldap.so use_first_pass
password sufficient pam_ldap.so
Not quite sure what it does - but it works and I'll read the man pam
pages later
On Tue, 2009-07-28 at 07:21 -0600, Matt Kassawara wrote:
You probably don't have the slapd ACLs configured so clients can
read
the necessary shadow fields... particularly those governing password
age (e.g., shadowLastChange, shadowMax).
On Tue, Jul 28, 2009 at 5:52 AM, <mlb(a)imparisystems.com> wrote:
I've got openLDAP running and installed the pam and nss
libraries so it
would also control the Linux passwords. I'm trying to sign
onto my server
using ssh - but once I enter my username and password, I get
WARNING: Your password has expired.
You must change your password now and login again!
Enter login(LDAP) password:
Now being a bad security person, I always use the exact same
username /
password combination and they don't work.
If a use either nothing (just hit Enter) or if I put in the
standard
password I get
passwd: Authentication information cannot be recovered
passwd: password unchanged
Connection to ubuntu closed.
If I enter in some nonsensical string I get
LDAP Password incorrect: try again
Enter login(LDAP) password:
However, that is the only root level user on the machine and I
have TONS of
stuff on it. How do I fix? Is this an openLDAP issue or
something else?
Thanks
5003
days inactive
5057
days old
openldap-technical@openldap.org
2 comments
3 participants
participants (3)
-
Matt Burkhardt -
Matt Kassawara -
mlb@imparisystems.com