Re: LDAP authentication related - CANNOT change password by running passwd on clients

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Could you also provide us with error logs from ldap? Do this just after passwd faild. This will tell us more about errors on ldap side (like the possible ACI problems).

Passwd hash algorithm for pam_ldap you can configure in /etc/nss_ldap.conf. Search for 'password crypt' and uncomment it. You must make other password lines commented to be sure this works.

1 lis 2012 21:03, "albert.solaris" <albert.solaris@xxxxxxxxx> napisał(a):
I am stuck in the 389 DS implementation, hope someone could help me out.

My situation is that I am trying to establish a cute enterprise environment with VMWorkstation and CentOS.  All guest OSs are CentOS6.3 based.  So far I have got DNS, DHCP, Gateway, File server worked perfectly;  However, the 389 LDAP server here, Hmm... I would say it is partially working.  And this is also where you come in.

What does it mean by 'partially working' exactly?  Let me tell you.

What happened here is that I've installed and configured 389 DS without SSL/TLS enable, migrated local users on my file server to the LDAP already.  Now, from my DHCP clients, also LDAP clients, I can retrieve information within the LDAP server by running ldapsearch, I can even change to regular users (i.e. user1/user2/.../user10 created on the file server) with Autofs home directory mounted automatically.  Somehow, I cannot change password by running passwd command.

Here is what I got when changing.
[root@dhcpclient sssd]# su - user1
[user1@dhcpclient ~]$
[user1@dhcpclient ~]$ passwd
Changing password for user user1.
Current Password:
passwd: Authentication token manipulation error
[user1@dhcpclient ~]$

I am new to Linux, so have no idea about the reason behind that.  Is it a LDAP acl issue, or sssd configuration issue, or security pam issue, or whatever else.

If you could help me out, that would be great.  Please let me know if you want any configuration files from me.  I don't want to attach everything here to scare you.

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux