
Re: rootbinddn & passwd as root

Here's my fix (and backassword typo[s] uncovered)

Make sure you have "rootbinddn" uncommented in your ldap.conf.  Passwd 
needs to bind as someone who can modify the password entries in ldap.  You 
have to make sure that your /etc/ldap.secret exists with the correct 
password, this file needs to have to newlines after your password (use 
`echo secretpass > /etc/ldap.secret`) otherwise you will run into 

2 Problems I had.  The rootbinddn line in ldap.conf had 
cn=manager,dc=domain,dc=com in single quotes!  OpenLDAP does not like 
this.  Just don't use any quotes, like this:

rootbinddn cn=manager,dc=domain,dc=com

Here is my pam.d/passwd


auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_pwdb.so shadow nullok

account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_pwdb.so

password   required     /lib/security/pam_cracklib.so retry=3
password   sufficient   /lib/security/pam_ldap.so authtok use_first_pass
password   required     /lib/security/pam_pwdb.so authtok use_first_pass md5 shadow


Good luck!!!


On 29 Jul 2002, Tony Earnshaw wrote:

> Fri, 2002-07-26 at 22:17, Caylan Van Larson wrote:
> > [root@betamax pam.d]# passwd caylan
> > Changing password for user caylan.
> > passwd: User not known to the underlying authentication module
> Now I'm stuck with this, too. 
> Best,
> Tony
> -- 
> Tony Earnshaw
> The usefulness of RTFM is vastly overrated.
> e-mail:		tonni@billy.demon.nl
> www:		http://www.billy.demon.nl
> gpg public key:	http://www.billy.demon.nl/tonni.armor
> Telephone:	(+31) (0)172 530428
> Mobile:		(+31) (0)6 51153356
> GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
> 3BE7B981
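
A check for the pitfalls described in the message above, as an added example that is not part of the original post: it verifies that ldap.conf has an uncommented, unquoted rootbinddn and that the secret file exists and is non-empty. The owner-only permission check (mode 600) and the function name `check_rootbind` are additions made here, not something the post states.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: check_rootbind [path to ldap.conf] [path to ldap.secret]
# Returns 0 when every check passes, 1 otherwise.
check_rootbind() {
    conf=${1:-/etc/ldap.conf}
    secret=${2:-/etc/ldap.secret}
    rc=0

    # Value of the first active rootbinddn line; "#rootbinddn" does not match.
    dn=$(sed -n 's/^[[:space:]]*rootbinddn[[:space:]][[:space:]]*//p' "$conf" 2>/dev/null | head -n 1)
    if [ -z "$dn" ]; then
        echo "FAIL: no uncommented rootbinddn in $conf"; rc=1
    else
        case $dn in
            # The post's first problem: the DN was wrapped in quotes.
            *\'*|*\"*) echo "FAIL: rootbinddn value contains quotes: $dn"; rc=1 ;;
            *) echo "ok: rootbinddn $dn" ;;
        esac
    fi

    if [ ! -s "$secret" ]; then
        echo "FAIL: $secret is missing or empty"; rc=1
    else
        # Assumption added here: the bind password should be readable by its
        # owner only. Characters 5-10 of the ls mode string are the group
        # and other permission bits.
        perms=$(ls -ld "$secret" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL: $secret is accessible to group/other (chmod 600)"; rc=1
        else
            echo "ok: $secret exists and is owner-only"
        fi
    fi
    return $rc
}
```

Run it as root with no arguments to check the default paths, or pass test copies of both files.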