Re: Issues when changing LDAP password

[Axel Werner <mail@awerner.homeip.net>]

Am 09.03.2009 15:00, Gustavo Mendes de Carvalho schrieb:
> Hi there,
>
> I'm running an LDAP server version 2.3.39 and I'm using ppolicy to 
> force users in some specific things, but I'm having some issue when I 
> try to change my user's password with passwd command.
>
> Here's the output screen
>
> [user1@cliserv ~]$ ssh ldapclisrv
> user1@ldapclisrv's password:
> Your LDAP password will expire in 10 days.

WOW! How did u do that ? my debian doesnt warn my users like that. What 
Distribution are u using here? Or is this some custom made login script ?


> Last login: Wed Mar  4 17:42:18 2009 from cliserv
> [user1@ldapclisrv ~]$
> [user1@ldapclisrv ~]$
> [user1@ldapclisrv ~]$ passwd
> Changing password for user user1.
> Enter login(LDAP) password:
> New UNIX password:
> Retype new UNIX password:
> LDAP password information update failed: Can't contact LDAP server
> Must supply old password to be changed as well as new one
> passwd: Permission denied
> [user1@ldapclisrv ~]$
>
> As you can see, I can login using LDAP ID, and I can change user1 
> password if I use ldappasswd, entering all ldap information, but I 
> would like to make it simpler.
the PAM Stacks at /etc/pam.d/common-* are very important. a 
misconfiguration there can lead to such situations. if happends on 
password change only and if ldap account is still "valid" it may be the 
/etc/pam.d/common-password file.

please post all your common-* PAM files here including your 
/etc/pam.d/passwd if available.

l8r
Axel