[389-users] Password Policy not working fine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I can?t ..  We have two errors:

 

[root at dblvm32 ~]# passwd testsi
Changing password for user testsi.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Confidentiality required
Operation requires a secure connection.

passwd: Permission denied

 

[root at dblvm32 ~]# ldappasswd testsi
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available:
[root at dblvm32 ~]#


 

What happend??  Thanks!!

 

 

Allan


 
> Date: Thu, 3 Dec 2009 09:58:04 -0700
> From: rmeggins at redhat.com
> To: fedora-directory-users at redhat.com
> Subject: Re: [389-users] Password Policy not working fine
> 
> Allan Gaston Hougham wrote:
> > Hi, thanks for you response,
> > 
> > We have Fedora-ds 1.2.2 2009.237.2054
> > 
> > Platform:
> > 
> > Linux zblhp36 2.6.18-8.1.14.el5 #1 SMP Tue Sep 25 11:45:55 EDT 2007 
> > x86_64 x86_64 x86_64 GNU/Linux
> >
> > In this time we can apply any policies, but is not working "user must 
> > change password after reset" and change password later that it exipire
> > 
> > This is the error with this ldap.conf:
> > 
> > [root at yblhp35 openldap]# cat ldap.conf
> > #
> > # LDAP Defaults
> > #
> > # See ldap.conf(5) for details
> > # This file should be world readable but not world writable.
> > #BASE dc=example, dc=com
> > #URI ldap://ldap.example.com ldap://ldap-master.example.com:666
> > #SIZELIMIT 12
> > #TIMELIMIT 15
> > #DEREF never
> > #use_sasl on
> > URI ldap://zblhp36.ml.com/
> > BASE dc=ml,dc=com
> > suffix "ou=Infraestructura,ou=Sistemas,ou=Tronador,ou=Argentina"
> > suffix "ou=Arquitectura,ou=Sistemas,ou=Tronador,ou=Argentina"
> > #TLS_CACERTDIR /etc/openldap/cacerts
> > #TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt
> > TLS_REQCERT allow
> > bind_policy soft
> > ssl no
> > TLS_CACERTDIR /etc/openldap/cacerts
> > pam_password md5
> > 
> > ERROR:
> > 
> > WARNING: Your password has expired.
> > You must change your password now and login again!
> > Changing password for user testsi.
> > Enter login(LDAP) password:
> > LDAP Password incorrect: try again
> > Enter login(LDAP) password:
> > New UNIX password:
> > Retype new UNIX password:
> > LDAP password information update failed: Server is unwilling to 
> > perform user is not allowed to change password
> > passwd: Permission denied
> > 
> > 
> > And this is the error with this ldap.conf:
> > 
> > 
> > [ahougham at dblvm32 ~]$ cat /etc/ldap.conf
> > #
> > # See ldap.conf(5) for details
> > # This file should be world readable but not world writable.
> > #BASE dc=example, dc=com
> > #URI ldap://ldap.example.com ldap://ldap-master.example.com:666
> > #SIZELIMIT 12
> > #TIMELIMIT 15
> > #DEREF never
> > #use_sasl on
> > HOST 172.16.100.186 172.16.102.49
> > URI ldaps://172.16.100.186 ldaps://172.16.102.49
> > BASE dc=ml,dc=com
> > suffix "ou=Infraestructura,ou=Sistemas,ou=Tronador,ou=Argentina"
> > suffix "ou=Arquitectura,ou=Sistemas,ou=Tronador,ou=Argentina"
> > #TLS_CACERTDIR /etc/openldap/cacerts/
> > #TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt
> > TLS_REQCERT allow
> > bind_policy soft
> > ssl no
> > tls_cacertdir /etc/openldap/cacerts
> > pam_password md5
> > uri ldap://zblhp36.ml.com/
> > base dc=ml,dc=com
> > # Search the root DSE for the password policy (works
> > # with Netscape Directory Server)
> > pam_lookup_policy yes
> > # Use the OpenLDAP password change
> > # extended operation to update the password.
> > pam_password exop
> >
> > 
> > WARNING: Your password has expired.
> > You must change your password now and login again!
> > Changing password for user testsi.
> > Enter login(LDAP) password:
> > New UNIX password:
> > Retype new UNIX password:
> > LDAP password information update failed: Confidentiality required 
> > Operation requires a secure connection.
> > 
> > 
> > 
> > Thanks in advance!!!
> Does it work if you use the ldappasswd command line tool?
> > 
> > 
> > Allan
> > 
> > 
> > > Date: Mon, 30 Nov 2009 08:11:51 -0700
> > > From: rmeggins at redhat.com
> > > To: fedora-directory-users at redhat.com
> > > Subject: Re: [389-users] Password Policy not working fine
> > >
> > > Allan Gaston Hougham wrote:
> > > > Dears,
> > > >
> > > > I have a problem with my passwords policies, I enabled "Enable
> > > > fine-grained password policy", I apply this but is not working fine.
> > > > I followed the steps of Administration Guide pag 364 -
> > > >
> > > > *7.1.1.2. Configuring a Subtree/User Password Policy Using the 
> > Console*
> > > >
> > > > But it?s not working, i have that setting any more?
> > > > Can you help me?
> > > >
> > > What is your platform? What version of directory server? rpm -qi
> > > 389-ds-base (or fedora-ds-base)
> > > >
> > > > Thanks a lot in advance!
> > > >
> > > > Allan Hougham
> > > >
> > > >
> > > > 
> > ------------------------------------------------------------------------
> > > > Internet Explorer 8 especial para MSN - ?Gratis! Descargalo ahora
> > > > haciendo clic aqu?
> > > > <http://www.ie8.msn.com/microsoft/internet-explorer-8/es-ar/ie8.aspx>
> > > > 
> > ------------------------------------------------------------------------
> > > >
> > > > --
> > > > 389 users mailing list
> > > > 389-users at redhat.com
> > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > > >
> > >
> > >
> >
> > ------------------------------------------------------------------------
> > ?Te llegan demasiados emails? Organizate con Hotmail. ?Cre? carpetas 
> > para todos tus correos! <http://mail.live.com/>
> > ------------------------------------------------------------------------
> >
> > --
> > 389 users mailing list
> > 389-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > 
> 
> 
 		 	   		  
_________________________________________________________________
Windows Live Messenger GRATIS: lo que faltaba en tu BlackBerry
http://www.messengerentublackberry.com?ocid=WL_BB_LandPage_TagLine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20091203/2ee7c6e2/attachment.html 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux