Ubuntu Servers :: LDAP Passwd Change Error ?
Mar 15, 2011
I recently set up a LDAP server, and have a server using it to authenticate users.
That works completely, but when a user tries to use passwd to change his password this happens.
Code:
And this is in /var/log/auth.log
Code:
View 1 Replies
May 20, 2010
I recently set up a ldap server for user authentication and I want to be able to configure the passwd utility to automatically update the password for the local account AND on the ldap server. How would I go about this?
View 7 Replies
Jan 20, 2010
I've got 8.10 of Ubuntu and currently running openLDAP and have SAMBA domain using this along with the PAM changes on all machines to authenticate the logins. Now I've got a situation where I need to change the organization; it currently is dc=mycomp, dc=local and I need to change the "local" part.
I thought that I could slapcat it out then change all dc=local to dc=blech and then reload the LDAP database. Then go around and change all the ldap configuration points to match. I don't think it's as simple as changing the base dn and everything below that will update.
View 1 Replies
Jul 29, 2010
I have installed servers (10.04 LTS Server) with Kerberos + LDAP, now I can ssh to all those servers and login with a kerberos principal. But when I want to change password, I got such error:
Code:
Current Kerberos password:
Enter new Kerberos password:
Retype new Kerberos password:
Password change rejected: Password not changed.
Kerberos database constraints violated while trying to change password.
passwd: Authentication token manipulation error
passwd: password unchanged
I have searched this issue but cannot find any useful information. Would someone give me a direction?
View 1 Replies
Jul 18, 2011
I'm trying to set up a LDAP server and it seems to have all gone pretty well. I set it so that users that type their passwords wrong 5 times are locked out for 20 minutes. That works fine, but if I want to log on as an admin and unlock their account before that 20 minutes is up it isn't working. Normally, (authenticating locally)
Code:
passwd -u blank888
works and does what I want it to. If I want passwd to recognize the LDAP server I use
Code:
passwd -D cn=Administrator,dc=example,dc=com -u blank888
When I run that, it always asks for the admin password like it should, but then will only work on some accounts and not others. Mainly I've seen that it only works on accounts that already had local accounts before connecting to the LDAP server. If I run a passwd -Sa command I will get something like:
blank888 LK 07/18/2011 0 999 7 -1
blank888 LK 07/18/2011 0 999 7 -1
test LK
blank888 already had an account on the machine, but also had a LDAP account along with test. So blank888 is showing twice because he has both LDAP and local accounts, whereas test only has a LDAP account. So now if they both get locked out passwd -D $adminDN -u $account will work for blank888 but not test. Then the results of a passwd -Sa would be:
blank888 PS 07/18/2011 0 999 7 -1
blank888 PS 07/18/2011 0 999 7 -1
test LK
I need to be able to unlock test using passwd. The LDAP server is running 11.2, and the hosts are running various Linux distros, and XP. Can anyone think of a way to fix this without removing the LDAP server, adding local accounts for everyone, and then putting the LDAP server back on?
View 2 Replies
Apr 21, 2010
I setup openldap and samba on 9.10. The ubuntu desktop client gets authenticated successfully with the server. But when I do a passwd on the client, only the ldap passwd is getting changed but not in the samba and the unix user account.
My smb.conf
Code:
passdb backend = ldapsam:ldap://192.168.3.100
ldap suffix = dc=example,dc=local
ldap user suffix = ou=People
ldap group suffix = ou=Groups
[code].....
But only the ldap password is getting changed and not in the samba and unix user account.
I tried
unix password sync = yes
but same result.
View 1 Replies
Apr 8, 2011
I'm trying to add a password policy into OpenLDAP 2.4 on 10.04 and it's driving me out of my mind. I keep getting this error:
Code:
root@www:/etc/ldap# sudo ldapadd -x -D cn=God,dc=example,dc=org -W -f ppolicy.ldif
Enter LDAP Password:
adding new entry "cn=default,ou=policies,dc=example,dc=org"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
[Code]...
View 3 Replies
Mar 13, 2010
I have configured an LDAP server on RHEL4 for creating an address book.
The following are the configuration files on the LDAP server:
/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
I am able to import this ldif file into the database. Also, when I perform the ldapsearch on this server with the command ldapsearch -x -W -D "cn=manager, dc=example, dc =com" -b "dc=example, dc=com", I get correct output.
But when I am trying to search from another client machine, I am getting "error ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)".
Also, when I configured the address book on Mozilla on the server, it is working fine, but it is not working on another machine. Is any configuration missing on the client machine? Both the LDAP server and client are configured on RHEL4 ES without any firewall or SELinux.
View 3 Replies
Jul 2, 2010
I took to yast to install ldap. I created the CA cert, server key and server cert and specified them during the yast ldap server dialogs.
The firewall is open for ldap.
I also went through yast's ldap client ... though I didn't exactly see to anything (presumably it wrote up a configuration file somewhere).
However when trying to use the basic ldap tools, like ldapwhoami. Well it doesn't connect and gives me the above error. Of course the ldap db is unpopulated as yet, so it probably is not able to say who I am at all. But ldapadd doesn't work either.
It seems to point to my SSL usage not being correct .. so I'm trying to double check that now.
View 2 Replies
May 31, 2010
I'm trying to set up a Linux server and I am new to this. I have gone through most of the configuration using SAMBA 3.0 and when I populate the ldap directory all I get this error before the password request:
Then when I perform an ldapsearch to see if the directory is populated I get this message:
I'm positive all my .conf files are done right.
View 3 Replies
Jan 19, 2010
I have a set of two amd64 machines with Debian Lenny. Machine 2 reads all the users' information from the Machine 1 through LDAP. Also, in Machine 2 I set up a dchroot environment for 32 bits compatibility (following [URL])
In addition to the above instructions, on this Machine 2, I set up /etc/libnss*, /etc/ldap/*, and /etc/nsswitch.conf both for the amd64 and for the i386 environments. I have no problems if I'm in the native amd64 mode. However, once I enter the i386 dchroot, some strange things happen:
1) For users from uid=1000 to uid=1031, I get an error if running 'whoami' (Cannot find name for user ID XXXX) and if I run 'id' , I get all the correct group numbers but no translation to group names in parenthesis as it should be. 'ls -l' also only lists group numbers but no names.
2) for user 1032 I cannot even change into the dchroot, I get the error "E: Group '1,031' not found"
View 2 Replies
Oct 2, 2009
I have a web server running Centos5 on a Xeon processor with 2GB of RAM. Whenever I try to login as a user the system hangs. If I login as root I can login without any problems. I tried changing the passwd. I can change the passwd but still not able to login as that user. I tried creating a new user. When I run the command adduser or useradd the system hangs.
View 7 Replies
Jan 15, 2010
I have Red Hat version 4. I was trying to change the root password with the passwd command. I get the error passwd: PAM [dlerror: /lib64/security/sufficient: cannot open shared object file: No such file or directory]. I have changed the password before.
View 5 Replies
Jan 14, 2011
We know that /etc/passwd - is a replica of the /etc/passwd file and acts as a backup in case of any damage done to the /etc/passwd file. I have observed a strange thing in RHEL 5.4. For example, if /etc/passwd has 100 accounts, then /etc/passwd - has only 99 accounts. When I add a 101st user account with "useradd", then /etc/passwd has 101 accounts and /etc/passwd is having the 100th account of /etc/passwd -. When I delete /etc/passwd and recover it with /etc/passwd - from runlevel 1, the last created user does not have his account after recovery. What is the solution? This is the same case even with /etc/shadow and /etc/shadow -.
View 2 Replies
Feb 17, 2009
FC9 - Sulphur, x86, nothing fancy
Did an update (damn the unofficial repos!)
Found a problem with pam_passwdqc module.
Like the title says, I'm unable to change root's password.
I boot into singleuser mode, run passwd, get the
Code:
Boot into multiuser mode and I'm still unable to login.
Two questions:
1) Anyone have a 'default' /etc/pam.d/system-auth that I can replace with the system-auth that was obliterated by the pam_passwdqc update?
2) Any other ideas?
View 14 Replies
Jun 19, 2010
I would like to run a server or ssh or ftp on a specific port. Sort of jailed daemon that runs with a login / pwd that is not /etc/passwd based to?
View 9 Replies
Jan 19, 2010
I'm in debian trying to install passwd. It's giving me a heck of a time with shadowconfig, because that program tells me what's wrong but doesn't fix it for me. Basically it is saying that there are a lot of entries missing from my shadow file. So how do I add them? I don't want to have to do it all by hand.
View 4 Replies
Feb 26, 2010
I have created a folder in my /var/www/ as /var/www/borneo and when I try to install a smf forum I get this error: 550 Failed to change directory. I have installed vsftpd for the ftp.
View 5 Replies
Nov 22, 2010
I'm still getting my head around setting things up on my web server, I've configured php to run off of Fast CGI, rather than mod_php, due to better memory consumption. I've managed to get my virtual hosts configured to work with fastcgi, ensuring the following options are set:
AddHandler fcgid-script .php
FCGIWrapper /usr/lib/cgi-bin/php5 .php
Options +ExecCGI FollowSymLinks
I tried adding those settings to /etc/phpmyadmin/apache.conf, but this doesn't seem to work. Whenever I go to www.mydomain.com/phpmyadmin , I just get a 403 Forbidden Error. This used to work no problems on mod_php.
[URL].. because the alias is set so that my virtual hosts can access it through /phpmyadmin. There is probably something basic I am missing here.
View 1 Replies
Mar 9, 2010
1. I tried to change my password by typing "passwd" in the terminal. It then asked me to input the Unix password. After I typed in the Unix password, it read "Authentication token manipulation error". Why did that happen? I know what the Unix password is.
2. What is the difference between Unix password and Root password?
View 2 Replies
Mar 18, 2010
I just installed Squeeze on an older PC. Installation seemed to go fine. But when it booted up on the installed system for the first time, I could not login - username/password failure. I tried every possible typing error and CAP LOCK error I could have made - still nothing.
I brought up a console window and tried logging in as root - same problem.
I booted into single user mode and entered passwd command to set new root password - I got a SYSTEM ERROR message from the passwd command.
I booted to a Live CD, went to /etc/shadow and deleted the encrypted password. Rebooted on the hard drive, went to console window and logged in as root, with no password required. So far so good. I entered passwd command to set new password and got the same SYSTEM ERROR message.
The machine seems fine when running on the Live CD, and the install seemed to go fine.
View 14 Replies
Jun 24, 2011
Is it even possible to use LDAP on Ubuntu 11.04? After a full day of googling, every guide I can find is either for another version of Ubuntu or is horribly broken (including the official docs).
View 2 Replies
May 29, 2011
I have configured ldap client on openSUSE 11.3 with yast2config. Since I am able to get list of all users through getent, it seems configuration done properly. But while logging in with ldap id its prompting for password change.
Code:
login as: testuser
Using keyboard-interactive authentication.
Password:
Using keyboard-interactive authentication.
Your password has expired. Choose a new password.
You are required to change your LDAP password immediately.
Enter login(LDAP) password:
I have other Solaris machines as LDAP clients, which are working fine.
Do I need to change any pam config?
View 1 Replies
May 19, 2010
I've been working though [URL] tutorial trying to get openldap working.
When I get to the point where I'm setting up the client. More specifically when I do ldapaddgroup testgroup I am sent this error
"You must have OpenLDAP client commands installed before running these scripts"
I have installed the ldapscripts package along with all the required ones. Has anyone been through this, I imagine it's some little nuance that I am missing.
View 3 Replies
Feb 7, 2011
I've currently got Ubuntu server configured so that clients can login using LDAP user accounts that I've created using ldapadduser (from the ldapscripts package).
I've also got NFS exports working so that /home can be exported to clients. Kerberos authentication is enabled for NFS and clients require a nfs/clienthostname.domain principal to be able to mount the NFS share.
However, I now realise that for LDAP users to be able to access the mount they need their own Kerberos principal. If I run kinit dan@DANBISHOP.ORG then I can access /home/dan as user dan otherwise I get permission denied.
My question then is how best to proceed... is there a way to configure the client/server so that once a client has mounted the nfs share using Kerberos, all users can access it without their own principal?
It seems more usual to create kerberos principals for all users, but then how does one manage users? Using ldapscripts is very easy, but if the admin then has to manually create kerberos principals every time, it could become very tedious. Furthermore how do users change their password if kerberos is used for authentication?
View 1 Replies
Jul 7, 2011
I need to configure the DNS server and LDAP server in Ubuntu 10.10.
View 1 Replies
Apr 13, 2011
I have a problem with my fedora workstation. I am trying to change my ldap user password through passwd command. When I first create the user on ldap server, I use md5 and create the user password. This is the entry:
Code:
dn: uid=boo,ou=People,dc=linux,dc=gettolandia,dc=org
uid: boo
[code]....
View 3 Replies
Aug 12, 2010
I have configured Ldap Server in CentOS 5.4 & it's working fine, the problem is when I create a ldapuser from server the user can login in client machine but the user has no rights to change the password. How to rectify this by using commands.
View 2 Replies
May 12, 2011
I am using CentOS 5.6 and recently, well since I updated to 5.6, when I login through ssh/telnet I am prompted to change the password of any account which is in my LDAP directory. Local accounts are unaffected. I haven't tried the console as this server is tucked away in a tiny room. This is really annoying because I don't want to run password expiry on that server and I'm sure that there's nothing in LDAP to indicate password expiry is on. My shadowmax is 9999 by default for every account, which is over 27 years I think. It's only started recently. I'd like to know how I can turn the expiry message off. I'd like to get rid of cracklib as well.
my etc/pam.d/sshd is
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
View 6 Replies
Jun 18, 2010
I've just installed Ubuntu Server for the first time with the goal of setting it up as a proxy server for our Apple computers here since I can get neither ISA nor OS X Server's firewall to play properly. So far I have the machine authenticating against our OS X OpenLDAP server and multiple NICs set up ready to be connected to the outside world. My question is does anyone have a preference on what proxy I should be using? So far my search efforts seem to have turned up Squid Proxy as a favorite among Ubuntu users but I can't seem to work out how to get it authenticating against my OpenLDAP server.
View 5 Replies