On 09.03.2009 15:00, Gustavo Mendes de Carvalho wrote:
I'm running an LDAP server version 2.3.39 and I'm using ppolicy to
force users in some specific things, but I'm having some issue when I
try to change my user's password with passwd command.
Here's the output screen
[user1@cliserv ~]$ ssh ldapclisrv
Your LDAP password will expire in 10 days.
WOW! How did u do that? My Debian doesn't warn my users like that. What
distribution are u using here? Or is this some custom-made login script?
Last login: Wed Mar 4 17:42:18 2009 from cliserv
[user1@ldapclisrv ~]$ passwd
Changing password for user user1.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Can't contact LDAP server
Must supply old password to be changed as well as new one
passwd: Permission denied
As you can see, I can login using LDAP ID, and I can change user1
password if I use ldappasswd, entering all ldap information, but I
would like to make it simpler.
The PAM stacks at /etc/pam.d/common-* are very
misconfiguration there can lead to such situations. If it happens on
password change only and if the LDAP account is still "valid" it may be the
Please post all your common-* PAM files here, including your
/etc/pam.d/passwd if available.