On January 15, 2010 07:14:06 pm Fulda, Paul R (IS) wrote:
> Ok, I got the Password Policy somewhat working; now the problem is with
> gdm and pam. I get the following error when trying to change the user's
> password from a Fedora 11 client machine login window. This happens
> after I reset their password from the Directory Server GUI.
> Here are the following errors:
>
> pam: gdm-password: pam_unix (gdm-password:auth): authentication failure
> pam: gdm-password: pam_unix (gdm-password:chauthtok): user "smiths" does
> not exist in /etc/passwd
>
>
> Note that smiths is an ldap account, not a local account. I have
> Googled this problem with no luck. I am hoping that someone in the LDAP
> world has come across this with a fix.
>
> Thanks in advance!
>

Disclaimer: I normally use kdm, which just works as long as pam is configured properly.

Check your pam/nss ldap settings. Try running a 'getent passwd' to see if the nss system can see your ldap users. Check your ldap logs if you can't see them there. If getent (passwd|group) can't see any of your groups or users, you definitely won't be able to login.

If you can see your accounts in getent passwd, try logging in with the user from a terminal window. Again, check the ldap logs if errors are thrown. This is likely a PAM issue if you can't login. Check settings in /etc/pam_ldap.conf (or wherever your distro keeps it), as well as in /etc/pam.d. Sometimes there can be typos in your pam_ldap file sending the searches to the wrong OUs etc. Checking ldap logs and traffic can verify this (i.e. on the ldap server you might get an error 32 for no such object).

You might want to disable start_tls while configuring/troubleshooting these issues. I find it helpful to be running wireshark and looking at the ldap traffic back and forth.

Ryan Braun
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: 204-833-2500x2625
CSN: 257-2625
FAX: 204-833-2558
E-Mail: Ryan.Braun at ec.gc.ca
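The two checks Ryan describes (can NSS see the account via getent, and is the PAM stack for the service actually able to handle the account) can be scripted. The following is an added example, not code from either poster or from any distribution: it takes getent-style passwd lines on stdin and a PAM service file, reports whether the user resolves, and then inspects the service's "password" stack for a module that can change a directory password, since a stack holding only pam_unix knows nothing beyond /etc/passwd, which is exactly what the quoted chauthtok message reports. The service file paths, sample passwd lines and sample PAM stacks below are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original thread: automates the two checks
# from the reply above for one LDAP account.
#   1. NSS resolution: does a getent-style passwd stream list the user?
#   2. PAM: does the service's "password" stack contain a module that can
#      change a directory password? pam_unix alone only knows /etc/passwd.
# On a real host: getent passwd | diagnose smiths /etc/pam.d/gdm-password
# Everything below the function definitions is constructed demo data.

# nss_has_user NAME  (passwd lines on stdin)
# Succeeds when NAME appears as the first field of some line.
nss_has_user() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit found ? 0 : 1 }'
}

# password_stack_modules FILE
# Prints the pam_*.so module names used on "password" lines, skipping comments.
# Control fields may span several words ("[success=1 default=ignore]"), so
# every field after the type is examined rather than assuming a fixed column.
password_stack_modules() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "password" || $1 == "-password" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /pam_[A-Za-z0-9_]+\.so$/) { sub(/.*\//, "", $i); print $i }
        }' "$1"
}

# stack_can_change_ldap_password FILE
# Succeeds if the password stack includes a directory-aware module.
stack_can_change_ldap_password() {
    password_stack_modules "$1" | grep -qE '^pam_(ldap|sss|krb5)\.so$'
}

# diagnose NAME SERVICE_FILE  (passwd lines on stdin)
# Returns 0 when both checks pass, 1 when NSS cannot see the user,
# 2 when the PAM password stack has only local modules.
diagnose() {
    user=$1 svc=$2
    if ! nss_has_user "$user"; then
        echo "NSS does not resolve '$user': check nss_ldap/sssd settings and the directory logs" >&2
        return 1
    fi
    if ! stack_can_change_ldap_password "$svc"; then
        echo "$svc password stack is local-only ($(password_stack_modules "$svc" | tr '\n' ' ')): chauthtok will fail for LDAP users" >&2
        return 2
    fi
    echo "'$user' resolves and $svc can change directory passwords"
}

# --- demo with constructed data ---
# Second line stands in for what nss_ldap would return for the directory account.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
smiths:x:1001:1001:S. Smith:/home/smiths:/bin/bash'

broken=$(mktemp); fixed=$(mktemp)
# Stack that reproduces the reported failure: only pam_unix.
printf '%s\n' 'password   required   pam_unix.so nullok' > "$broken"
# Common arrangement (assumed here): pam_ldap first, local accounts fall through to pam_unix.
printf '%s\n' \
    'password   sufficient pam_ldap.so' \
    'password   required   pam_unix.so use_authtok nullok' > "$fixed"

for svc in "$broken" "$fixed"; do
    if printf '%s\n' "$SAMPLE_PASSWD" | diagnose smiths "$svc"; then :; else echo "  -> exit status $?"; fi
done
rm -f "$broken" "$fixed"
```

Running it prints the local-only diagnosis (exit status 2) for the first stack and a success line for the second. The module list is a heuristic: a stack can still be broken by a bad pam_ldap.conf base DN or a wrong bind, which is the "error 32 / no such object" case Ryan points at, and that only shows up in the directory logs or on the wire.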