[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Password Problems
I haven't figured out the problem yet, and I've been trying many things
to fix it. I'm using authconfig on redhat, and here's
/etc/pam.d/system-auth :
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account required /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok
md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
ACL's now look like this(Thanks to a previous suggestion)
access to attribute=userPassword
by dn="uid=root,dc=solomon,dc=physics,dc=sc,dc=edu" write
by self write
by * read
by anonymous auth
access to * by * read
Any help would be appreciated on this.
Thanks!
I'm still having difficult with changing the password for a user.
I've looked at the logs, error messages, and through debugging(and
give them below), and I have no clue what the problem could be. Any
help at resolving this problem would be much appreciated as I cannot
see what is causing the problem in the first place...
slapd debug:
>>> dnPrettyNormal: <uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu>
=> ldap_bv2dn(uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu,0)
<= ldap_bv2dn(uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu,272)=0
<<< dnPrettyNormal: <uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu>,
<uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu>
do_bind: version=3 dn="uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu"
method=128
conn=7 op=2 BIND dn="uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu"
method=128
==> bdb_bind: dn: uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu
bdb_dn2entry_rw("uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu")
=> bdb_dn2id_matched( "uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu" )
====>
bdb_cache_find_entry_dn2id("uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu"):
10 (1 tries)
====> bdb_cache_find_entry_id( 10 )
"uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu" (found) (1 tries)
=> access_allowed: auth access to
"uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu" "userPassword" requested
=> acl_get: [1] check attr userPassword
<= acl_get: [1] acl uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu attr:
userPassword
=> acl_mask: access to entry
"uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu",
attr "userPassword" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: uid=root,dc=solomon,dc=physics,dc=sc,dc=edu
=> string_expand: pattern: uid=root,dc=solomon,dc=physics,dc=sc,dc=edu
=> string_expand: expanded: uid=root,dc=solomon,dc=physics,dc=sc,dc=edu
=> regex_matches: string:
=> regex_matches: rc: 1 no matches
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth(=x) (stop)
<= acl_mask: [2] mask: auth(=x)
=> access_allowed: auth access granted by auth(=x)
send_ldap_result: conn=7 op=2 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=3 tag=97 err=49
/var/log/messages:
Jul 8 12:25:11 solomon passwd[10635]: pam_ldap: error trying to bind
as user
"uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu" (Invalid credentials)
Passwd:
[yossefk@solomon yossefk]$ passwd
Enter login(LDAP) password:
LDAP Password incorrect: try again
ACL's in slapd.conf:
access to attribute=userPassword
by dn="uid=root,dc=solomon,dc=physics,dc=sc,dc=edu" write
by anonymous auth
by self write
by * auth
access to * by * read
Thanks!