OpenSUSE Install :: Unlocking LDAP Accounts Using Passwd?
Jul 18, 2011
I'm trying to set up a LDAP server and it seems to have all gone pretty well. I set it so that users that type their passwords wrong 5 times are locked out for 20 minutes. That works fine, but if I want to log on as an admin and unlock their account before that 20 minutes is up it isn't working. Normally, (authenticating locally)
Code:
passwd -u blank888
works and does what I want it to. If I want passwd to recognize the LDAP server I use
Code:
passwd -D cn=Administrator,dc=example,dc=com -u blank888
When I run that, it always asks for the admin password like it should, but then will only work on some accounts and not others. Mainly I've seen that it only works on accounts that already had local accounts before connecting to the LDAP server. If I run a passwd -Sa command I will get something like:
blank888 LK 07/18/2011 0 999 7 -1
blank888 LK 07/18/2011 0 999 7 -1
test LK
blank888 already had an account on the machine, but also had a LDAP account along with test. So blank888 is showing twice because he has both LDAP and local accounts, whereas test only has a LDAP account. So now if they both get locked out passwd -D $adminDN -u $account will work for blank888 but not test. Then the results of a passwd -Sa would be:
blank888 PS 07/18/2011 0 999 7 -1
blank888 PS 07/18/2011 0 999 7 -1
test LK
I need to be able to unlock test using passwd. The LDAP server is running 11.2, and the hosts are running various Linux distros, and XP. Can anyone think of a way to fix this without removing the LDAP server, adding local accounts for everyone, and then putting the LDAP server back on?
Mar 15, 2011
I recently set up a LDAP server, and have a server using it to authenticate users.
That works completely, but when a user tries to use passwd to change his password this happens.
Code:
And this is in /var/log/auth.log
Code:
May 20, 2010
I recently set up a ldap server for user authentication and I want to be able to configure the passwd utility to automatically update the password for the local account AND on the ldap server. How would I go about this?
May 12, 2011
I am using CentOS 5.6 and recently, well since I updated to 5.6, when I login through ssh/telnet I am prompted to change the password of any account which is in my LDAP directory. Local accounts are unaffected. I haven't tried the console as this server is tucked away in a tiny room. This is really annoying because I don't want to run password expiry on that server and I'm sure that there's nothing in LDAP to indicate password expiry is on. My shadowmax is 9999 by default for every account..which is over 27 years I think. It's only started recently. I'd like to know how I can turn the expiry message off. I'd like to get rid of cracklib as well.
my etc/pam.d/sshd is
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
May 13, 2011
I'm trying to set up a custom attribute for user accounts, I'm able to make the attribute (foo) and the Object class (foo_class). But I'm unable to add foo or foo_class to my test users.
Mar 23, 2010
I read that passwd -S spits out information about a user's password including the encryption algorithm used to encrypt the password in /etc/shadow. I ran the command but nothing about the algorithm is returned. Is this a quirk in openSUSE? On another note, I've determined through other means that I've selected blowfish encryption as evidenced by the $2blah$2blahblah format of the /etc/shadow entry. However, if I look at /etc/default/passwd it lists CRYPT=md5. If I'm using blowfish why would that variable be set to md5? Conversely, if it is set to md5 why is the blowfish algorithm being invoked?
Dec 25, 2009
I'm using Gnome as my desktop in openSuSE 11.2. How do I set my login so that all users are not shown?
Dec 7, 2009
I've recently installed OpenSuse 11.2 and chose to install gnome with KDE4. Having done so I'm using kdm4 as the display mgr defined in /etc/sysconfig/display manager. However kdm4 reveals all the user names which I don't really like. I've tried others including console. After logging in manually I've typed startx gnome which fails. How do you continue to use kdm4 setting and omit the display of the user accounts?
Jan 14, 2011
We know that /etc/passwd- is a replica of the /etc/passwd file and acts as a backup in case of any damage done to the /etc/passwd file. I have observed a strange thing in RHEL 5.4. For example, if /etc/passwd has 100 accounts, then /etc/passwd- is having only 99 accounts. When I add a 101st user account with "useradd", then /etc/passwd has 101 accounts and /etc/passwd is having the 100th account of /etc/passwd-. When I delete /etc/passwd and recover it with /etc/passwd- from runlevel 1, the lastly created user is not having his account after recovery. What is the solution? This is the same case even with /etc/shadow and /etc/shadow-.
Jul 2, 2010
I took to yast to install ldap. I created the CA cert, server key and server cert and specified them during the yast ldap server dialogs.
The firewall is open for ldap.
I also went through yast's ldap client ... though I didn't exactly see to anything (presumably it wrote up a configuration file somewhere).
However when trying to use the basic ldap tools, like ldapwhoami. Well it doesn't connect and gives me the above error. Of course the ldap db is unpopulated as yet, so it probably is not able to say who I am at all. But ldapadd doesn't work either.
It seems to point to my SSL usage not being correct .. so I'm trying to double check that now.
Jul 14, 2011
Whenever I save a text file edited with LibreOffice, I get a new, locked file which can be identified with its "~.lock" file prefix. This locked file prevents access (probably for security reasons) to the original file. However, this is a serious impediment as it forbids any further editing of the original file or document so long as the locked file has not been removed. Though erasing this locked file (which can be made visible with "Ctrl-H" if hidden) should free the original, this in fact is not the case. How to unlock these locked files?
Jun 25, 2011
NetworkManager stores its connection secrets in a keyring called "default". I am prompted to supply the keyring password every time I log in, regardless of whether I select the "automatically unlock this keyring when I log in" radio button.
Nov 19, 2009
I had 11.1 for some time, was working fine. Decided to upgrade... long story short - did a fresh install with livecd of the 11.2. I use ldap server for authentication, it's on the lan. Configuration during install goes through fine. Fetch dn, etc... then after the bootup - authentication error for any user except root. At the same time automounter works fine, ldap requests are going through for hosts (my local hostnames are also on this ldap server), I can edit users through YAST when logged on this box, but alas! Even for "su - user" I get "incorrect password", whereas if I am root, then "su - user" gets me logged in as user. Password does not go through!
Feb 6, 2010
I'm having problems setting up an LDAP server for users. The SUSE user management won't let me create users with passwords longer than 8 characters in the LDAP directory. Local users are fine. This is a new LDAP server setup using the instructions from Integrating LDAP and Samba using openSUSE.
I'm getting the error "The password is too long for the current encryption method. Truncate it to 8 characters?" I can create users with short passwords, but this isn't acceptable - it's a security issue.
The susePasswordHash in LDAP is SSHA (default)
The password hash in users & groups management is blowfish.
How to get this working with long passwords?
Apr 11, 2011
I am switching to Gnome because its look and feel is closer to Windows for my workgroup. LDAP and NFS are working fine with KDE and SSH, but I can't login with LDAP users both directly or via NX client. When logging in directly on the server it shows this error:
Code:
"Xsession: Login for <user> is disabled "
When logging in via NX client it says it authenticated successfully and then quit with this popup message:
Code:
Could not connect to session bus: Failed to connect to socket /tmp/dbus-0frstajyNE: Connection refused
I closed this popup window and one more appeared:
Code:
Could not acquire name on session bus
[Code]....
Jun 18, 2011
I'm currently running openSuSE 11.4 (kde v 4.6.4), and after unlocking the mouse cursor from the DOSBox (v 0.74) window, none of the Plasma Desktop Widgets or Components will register mouse clicks until I reboot.
Is there something config-wise I might change to prevent this from happening, or is there an otherwise quick way to restart only plasma using the terminal? Yakuake still drops down, and works, fortunately, so doing this is not a problem.
EDIT: Forgot to mention that all of said applications were installed from openSuSE repos using YaST2.
May 31, 2010
We have a weird problem with our opensuse 11.2 server installation.
We want to set up a LDAP Server using the Yast-LDAP Server configuration tool.
This indeed already worked weeks ago until....this week.
Maybe some updates??!
I do not know what happened exactly. The server just does not want to start again and throws the following error:
Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed
This happened after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.
So.. I did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificates, database, pw...the first Yast config dialog...). I did not change the way I set it up.
I remember, when I did this the first time with 11.2 on that machine, when no problems occurred...everything was running out of the box (except the "use common server certificate" option...).
Jan 19, 2010
I'm in debian trying to install passwd. It's giving me a heck of a time with shadowconfig, because that program tells me what's wrong but doesn't fix it for me. Basically it is saying that there are a lot of entries missing from my shadow file. So how do I add them? I don't want to have to do it all by hand.
Jan 16, 2010
I installed fedora 12 Constantine and the install gets to the point of rebooting. Once it's done with the reboot it goes right in to the login without creating a root account or a user account. How can I solve this issue, there has to be like 3 or 4 solutions to this problem, I'm just new to linux.
Mar 13, 2011
I have just updated to openSuSE 11.4 [64 bit]; rkhunter is giving these Warnings:
Warning: User 'rtkit' has been added to the passwd file.
Warning: User 'pulse' has been added to the passwd file.
Warning: User 'statd' has been added to the passwd file.
Warning: Changes found in the group file for group 'audio': User 'pulse' has been added to the group
Warning: Group 'rtkit' has been added to the group file.
Warning: Group 'pulse' has been added to the group file.
Warning: Group 'pulse-access' has been added to the group file.
Warning: Suspicious file types found in /dev: /dev/shm/initrd_exports.sh: ASCII text
Warning: Hidden directory found: /dev/.sysconfig
Warning: Hidden directory found: /dev/.mount
Do these look Normal, Are these False-Positives??
Feb 24, 2010
Can KMail be configured to have two different accounts and keep one tree of folders for each, like Seamonkey?
VampirD
No in elenath hîlar nan hâd gîn
Mar 1, 2010
I've switched off the borg at home 100% (yippee). Wife and kids are now logging on, firing up 2-3 apps (usually FF, songbird and nautilus) and then switching users to allow the other on. This has the unexpected side effect of locking the audio device so the other user cannot use it until they shutdown those apps that have /dev/dsp open in a locked fashion. Is this "normal" behaviour? Or is there something I'm missing in the setup?
Aug 6, 2010
I have OpenSuse 11.2 installed and I'm currently testing out Magento Commerce which is working as expected. In order to create fake customers the application requires a unique e-mail address for each customer. I currently use postfix and have all the e-mails being sent to my provider's domain, on which I only have 2 email user accounts. How do I set up virtual e-mail addresses like joeblog@fakedomain.com and maryblog@fakedomain.com such that when the Magento Application sends emails to these addresses I would like to access the corresponding mail boxes on the same host (i.e. the machine I run Magento on)?
Apr 21, 2010
I think this goes here. I just installed Diablo II LOD on Wine today on my user account, which is not root, and I switched over to my brother's account I set up for him separate of mine and root and Diablo does not show up for him. How do I install a program not using the terminal or Synaptic and have the program show up for all accounts on my machine? It isn't a terrible problem. I just wanted to know how to do it.
Dec 7, 2010
Is it possible to install Ubuntu Server and have user accounts and log into the server via a Windows XP machine? Sorry if it's a stupid question! Many thanks
Jul 23, 2010
I have just installed/upgraded OpenSUSE 11.3 and setup Evolution Email with 3 Email Accounts. Just for a while I could see all 3 accounts listed on the left column. Suddenly after reading some emails I just noticed that one Email Account (Comcast) had disappeared from the listing. I went to Edit-->Preferences and all 3 accounts are there and all 3 have check marks. I have done a lot of things trying to fix this issue, even uninstall/reinstall Evolution Mail, but nothing of what I have done has been able to make this Email account to be listed again.
Mar 13, 2010
I have configured ldapserver on rhel4 for creating an address book.
The following are the configuration files on the ldap server:
/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
I am able to import this ldif file into the database. Also, when I perform the ldapsearch on this server with the command
Code:
ldapsearch -x -W -D "cn=manager, dc=example, dc =com" -b "dc=example, dc=com"
I get correct output.
But when I am trying to search from another client machine, I am getting "error ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)".
Also, when I configured the address book on mozilla on the server, it is working fine, but not working on another machine. Is any configuration missing on the client machine? Both ldap server and client are configured on rhel4es without any firewall or selinux.
Apr 5, 2010
I have successful secure ldap replication but I could not make the ldap client direct its authentication to the slave ldap.
Here is my config file on the ldap client (I am not sure if it is the right place though):
ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....
Sep 8, 2009
I installed CentOS 5.2 and then ran yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:
smbldap-tools useradd -am username
I can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password. Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....
May 25, 2011
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well. I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?