CentOS 5 :: LDAP Accounts Prompting For Password Change
May 12, 2011
I am using CentOS 5.6 and recently, well since I updated to 5.6 when I login through ssh/telnet I am prompted to change the password of any account which is my LDAP directory. Local accounts are unaffected. I haven't tried the console as this server is tucked away in a tiny room. This is really annoying because I don't want to run password expiry on that server and I'm sure that there's nothing in LDAP to indicate password expiry is on. My shadowmax is 9999 by default for every account..which is over 27 years I think. It's only started recently. I'd like to know how I can turn the expiry message off. I'd like to get rid of cracklib as well.
my etc/pam.d/sshd is
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
View 6 Replies
ADVERTISEMENT
May 19, 2010
i have just installed latest centis annd when i leave my system and lock it using ctrl + alt + L when i try to loggin it doesn't prompt me for any password for loggin and i am at the desktop without any authentication.
View 5 Replies
View Related
May 13, 2011
I'm trying to setup a custom attribute for user accounts, I'm able to make the attribute (foo) and the Object class (foo_class) . But i'm unable to add foo or foo_class to my test users
View 1 Replies
View Related
Feb 19, 2010
Is it possible to completely disable the password change for users accounts in linux?? (I don't mind account lock)
View 2 Replies
View Related
Apr 13, 2011
I have a problem with my fedora workstation.I am trying to change my ldap user password through passwd command.When I first create the user on ldap server, I use md5 and create the user password.This is the entry:
Code:
dn: uid=boo,ou=People,dc=linux,dc=gettolandia,dc=org
uid: boo
[code]....
View 3 Replies
View Related
Jul 29, 2010
I have installed servers(10.04 LTS Server) with Kerberos + LDAP, now I can ssh to all those servers and login with kerberos principle. But when I want to change password, I got such error:
Code:
Current Kerberos password:
Enter new Kerberos password:
Retype new Kerberos password:
Password change rejected: Password not changed.
Kerberos database constraints violated while trying to change password.
passwd: Authentication token manipulation error
passwd: password unchanged
I have search this issue but cannot any useful information. Would someone give me a direction?
View 1 Replies
View Related
Aug 12, 2010
I have configured Ldap Server in CentOS 5.4 & it's working fine, the problem is when I create a ldapuser from server the user can login in client machine but the user has no rights to change the password. How to rectify this by using commands.
View 2 Replies
View Related
Jun 5, 2009
I have configured LDAP Server on RHEL 5.2 successfully and client can login to the server. But I do no how a client can change its LDAP password on his client machine.
View 5 Replies
View Related
Apr 21, 2010
I setup openldap and samba on 9.10. The ubuntu desktop client gets authenticated successfully with the server. But when I do a passwd on the client, only the ldap passwd is getting changed but not in the samba and the unix user account.
My smb.conf
Code:
passdb backend = ldapsam:ldap://192.168.3.100
ldap suffix = dc=example,dc=local
ldap user suffix = ou=People
ldap group suffix = ou=Groups
[code].....
But only the ldap password is getting changed and not in the samba and unix user account.
I tried
unix password sync = yes
but same result.
View 1 Replies
View Related
Sep 28, 2010
actually i have generated public and private key using "ssh-keygen" command.i have appended it to the ~/.ssh/authorized_keys file in the other netowork system.still it's prompting for password.all the systems in my network are using fedora12 and fedora13.i dont know what's wrong with it.does it need to change any configuration files ..if so what are all the changes to be made?i am trying to login using the same user for whom i created the pub key..no impersonation
View 1 Replies
View Related
Oct 26, 2010
I have been connecting to ssh but now it takes longer time to prompt for username and also password.Can any one tell what is the reason why it takes time
View 3 Replies
View Related
Jul 19, 2011
There are over a dozen of servers that I need to monitor for services running on them. Hence, I have created a separate VM on which I am hosting scripts for various purposes. I have written a script (bash) that checks the status of the services running on those servers. Since my script has this line of command (for example):
Code: /sbin/service vsftpd status I have created a user (let's name it user_monitor) and added it to /etc/sudoers file by issuing "visudo" on all the servers. Since I need to execute the command remotely from the VM so I have generated a Public RSA Key (ssh-heygen) and added it to "authorized_keys" file on all the servers. But on some servers when issue a command such as the following:
[Code]....
View 4 Replies
View Related
Apr 5, 2010
I'm having problems setting up an email client. Tried both Evolution (which looks good) and Thunderbird but both of them will not prompt for my password when connecting to my mail servers. I've quadruple checked my settings and everything looks OK however I do not get the password prompt.Creating an account in Evolution is almost the same as that shown in the documentation but I do not get prompted for the time zone. Checking where Evolution stores the passwords also comes up with different results on my computer as the location specified does exist but is empty.Evolution is running at 2.28.1 and Thunderbird is 2.0.0.24
View 5 Replies
View Related
May 1, 2010
I have installed Ubuntu three times now, and I'm running into same problem all the time, both with Karmic Koala (9.10) and now also Lucid Lynx (10.04):
When I configure Evolution for IMAP access to my GMAIL account, it never prompts me for a password. Instead, I guess Evolution tries to connect without any password and fails every time. Switching to Thunderbird didn't do the trick either, so I think it might have something to do with the Keyring daemon. My Internet connection is fine, as I can access my account under other operating systems.
Things I've tried so far:
"Forget passwords" in the evolution menu
Forcing shutdown of evolution and deleting the ~/.evolution folder (as suggested by https://bugzilla.redhat.com/show_bug.cgi?id=221112)
Accessing the keyring and deleting the default keyring
[code]....
View 3 Replies
View Related
May 27, 2010
I have 4 machines running 10.04 32 bit Intel--- all use SSH to connect to a remote server drive (disk). All except one of the machines work just fine when accessing the remote drives. The fourth PC keeps asking for a password with every directory change.
If I select cancel three times (on the troublesome unit), the desired directory opens but then the same routine occurs with the next directory change.
View 5 Replies
View Related
Mar 10, 2010
Its taking too much time to prompting me to enter password after boot-up and it is asking me to enter PAM_MOUNT password.
I entered the password which i use to login to my computer and it is not letting me to log-in.
I tried using safe mode and am not able to login through command line.
View 2 Replies
View Related
Mar 14, 2010
ive installed adobe AIR on my ubuntu karmic x64 distro as per the instructions on adobe's website, but whenever an adobe air app launches it prompts me for a password. I remember (before gnome-keyring-manager was replaced with seahorse) I found a way around it, but i gather that gnome-keyring-manager has been replaced now
View 3 Replies
View Related
Jun 1, 2011
I have configured a FTP (VSFTPD) Server in RHEL 5.6, which resulted me a default directory /var/ftp/pub. Even i have cerated another Directory /var/ftp/accounts. Where Accounts Directory is owned by user x in my server. I have a issue with this, It prompts me User and Password while accessing this ftp 192.168.5.20 in Linux Servers. But while i am trying this through a windows machine by ftp://192.168.5.20 it gets directly accessed without prompting me any User and Password.
I need to have FTP environment same like windows. where it must prompt me user name and password, and i must be able to upload and download data from my windows clients.
View 1 Replies
View Related
Jul 18, 2011
I'm trying to setup a LDAP server and it seems to have all gone pretty well. I set it so that users that type their passwords wrong 5 times are locked out for 20 minutes. That works fine, but if I want to log on as an admin and unlock their account before that 20 minutes is up it isn't working.Normally, (authenticating locally)
Code:
passwd -u blank888
works and does what I want it to. If I want passwd to recognize the LDAP server I use
Code:
passwd -D cn=Administrator,dc=example,dc=com -u blank888
When I run that, it always asks for the admin password like it should, but then will only work on some accounts and not others. Mainly I've seen that it only works on accounts that already had local accounts before connecting to the LDAP server.If I run a passwd -Sa command I will get something like:
blank888 LK 07/18/2011 0 999 7 -1
blank888 LK 07/18/2011 0 999 7 -1
test LK
blank888 already had an account on the machine, but also had a LDAP account along with test. So blank888 is showing twice because he has both LDAP and local accounts, whereas test only has a LDAP account. So now if they both get locked out passwd -D $adminDN -u $account will work for blank888 but not test. Then the results of a passwd -Sa would be:
blank888 PS 07/18/2011 0 999 7 -1
blank888 PS 07/18/2011 0 999 7 -1
test LK
I need to be able to unlock test using passwd. The LDAP server is running 11.2, and the hosts are running various Linux distros, and XP.Can anything think of a way to fix this without removing the LDAP server, adding local accounts for everyone, and then putting the LDAP server back on?
View 2 Replies
View Related
Aug 16, 2011
I am suddenly not prompted for my password when I run any command as sudo on a few of my Ubuntu servers.
if I run sudo -K, the session is cleared, and I am prompted again for my password, however it saves/caches it until I run sudo -k again even if I log out and back in. I want it to prompt me for my password, as it should (and did) by default, for security.
Any ideas what could be causing this?
Here's my /etc/sudoers file code...
View 2 Replies
View Related
Mar 28, 2010
Since reinstalling Ubuntu 9.10 and learning how to get the Notification Area working properly:
I've noticed an bunch-of-keys icon appearing intermittently in my notification area.
It appeared about 20 mins ago. I hovered the mouse over it and it generated the following text:
"Click on the icon to drop all elevated privileges"
I right-clicked on the icon, thinking I might learn something more about it. But it disappeared. No other messages were given.
It appeared again about five or ten minutes ago. I did not click on it. But it disappeared of its own accord after a minute or two.
What is this? Should I have clicked on it? What have I done? How can I get this bunch of keys under my control?
View 3 Replies
View Related
Sep 8, 2009
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....
View 1 Replies
View Related
Sep 16, 2010
this problem is becoming too frequent now:
a) User is created using our standard protocol on the NIS/YP server.
b) *Sometimes* : user is rejected at first login. Password not recognized.
c) When going to do a password reset, being root on the NIS/YP server something like this happens:
# passwd johndoe
Changing password for user johndoe.
New UNIX password:
Retype new UNIX password:
NIS password could not be changed. << ------------- ERROR
passwd: all authentication tokens updated successfully.
The entry in the log doesn't help much: Sep 15 10:56:28 nisserver rpc. yppasswdd[2149]: update johndoe (uid=31742) from host 128. xxx194. xxx.xx rejected Sep 15 10:56:28 nisserver rpc. yppasswdd[2149]: Invalid password.
Notes:
1) A valid & strong password -known to work with other account- has been given.
2) The password is indeed changed in /etc/shadow, and the NIS/YP databases update (cd /var/yp; make) has not been done yet.
I know there is a different condition when the password is updated by the user from a Fedora host (long encoding using sha512 vs original md5 encoding in the server) - but this is happening locally on the CentOS-based server before having the user change the password. But even that has worked before with dozens of users.
A recent occurrence of the issue kept rejecting the original password chosen by the user until he decided to choose a different one. I have tried different from easy to elaborate passwords with no difference. This is just happening now with two new users: one of them reported that it worked just fine, the other is being rejected - they were created at the same time.
View 2 Replies
View Related
May 24, 2010
Someone hacked my CentOS 5.4 test box, that I run at home with a gnome interface. It is connected to a domain name, the hacker changed only the root password. How can I change the root password? I get a graphical Grub at startup and if I press "e" nothing happens. Is there a different way to have Grub boot in text mode? Remember that I don't have root access. I was thinking to use the linux rescue mode, but I don't know what steps/commands to enter.
View 2 Replies
View Related
Jul 13, 2010
for some reason the password just won't change, maybe I have the command wrong? Here is what I am doing and the error.
[root@server~]# useradd testuser
[root@server~]# passwd testuser
Changing password for user support.
passwd: Failed preliminary check by password service
View 7 Replies
View Related
Feb 9, 2010
Not sure if this goes here or under Security, however, I have hacked together some code from two different sources to make a password generator for FTP accounts.Question: How will the "strength" of an eight character password generated by the following code compare to a human generated eight character password? Will they be equally as strong?Is reading from /dev/urandom good/better/worse then just using RANDOM()? Will "salting" either result add more "strength"?Password Generator.
[Code]...
View 11 Replies
View Related
Sep 3, 2009
I'm using on my smb.conf
# Sincronizacion de cuentas LDAP, NT y LM
# unix password sync = Yes
ldap passwd sync = Yes
[code]....
View 2 Replies
View Related
Oct 15, 2010
I am running ubuntu 10.04 64 bit with Centos Directory Server centralizedauthentication tool. I can log in just fine with my ubuntu client, however when go to my Directory Server and tell it to require a password change on reset for any of my users, the ubuntu client doesn't require the user to reset their password. the reason I need this to work is so I can reset a users password from the Directory server and then have it use what I set it to for their next login attempt but then require them to set their own password. After days of searching I have only found out that it can be done by setting the option in Directory Server but Ubuntu 10.04 seems to just ignore the option. I am using the libnss-ldapd and libpam-ldapd packages on the Ubuntu client because the libnss-ldap and libpam-ldap didn't work at all, what am I missing?
View 1 Replies
View Related
Jan 8, 2010
hello i am trying to change my password, but when i type in the new password i get this:"The password is longer than 8 characters. On some systems, this can cause problems. You can truncate the password to 8 characters, or leave it as it is."my question is what kind of problem could i get and how can i change so i have to log in every time i start the computer?
View 9 Replies
View Related
Apr 5, 2010
I would like to restrict a few selected accounts to minimum of 15 characters passwords. Other accounts,however, should still be able to login with 8 character passwords. This is in RHEL 5. Does anyone know how to go about it? I have checked PAM documentation and pam_cracklib.so has an option minlen. As per its documentation, minlen can force users to use 15 characters, but it forces every account on the system. I might be wrong too.
View 5 Replies
View Related
