LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 04-15-2010, 05:37 AM   #1
fahadaziz
LQ Newbie
 
Registered: Aug 2008
Posts: 27

Rep: Reputation: 15
Question ldap client ubuntu 8.04 password unchanged problem.


Hello everyone,

I am getting a problem that whenever I loged in with my ldap user on a ldap client and try to change the password of ldap user it doesn't allow me to do so...

azizf@pc:~$ passwd
passwd: User not known to the underlying authentication module
passwd: password unchanged
azizf@pc:~$

tail /var/log/auth.log

Apr 15 12:31:53 pc passwd[21600]: pam_unix(passwd:chauthtok): user "azizf" does not exist in /etc/passwd.
-------------------------------------------------

while azizf is ldap user. I don't know how to troubleshoot this problem.

thanks,
Fahad Bin Aziz.
 
Old 04-16-2010, 01:55 PM   #2
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , Solaris 10, RHEL
Posts: 1,935
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by fahadaziz View Post
Hello everyone,

I am getting a problem that whenever I loged in with my ldap user on a ldap client and try to change the password of ldap user it doesn't allow me to do so...

azizf@pc:~$ passwd
passwd: User not known to the underlying authentication module
passwd: password unchanged
azizf@pc:~$

tail /var/log/auth.log

Apr 15 12:31:53 pc passwd[21600]: pam_unix(passwd:chauthtok): user "azizf" does not exist in /etc/passwd.
-------------------------------------------------

while azizf is ldap user. I don't know how to troubleshoot this problem.

thanks,
Fahad Bin Aziz.
What does your /etc/nsswitch.conf look like?
 
Old 04-17-2010, 10:22 AM   #3
fahadaziz
LQ Newbie
 
Registered: Aug 2008
Posts: 27

Original Poster
Rep: Reputation: 15
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.



passwd: files ldap
group: files ldap
shadow: files ldap
automount: ldap

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

Thanks
fahad
 
Old 04-17-2010, 11:23 AM   #4
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , Solaris 10, RHEL
Posts: 1,935
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by fahadaziz View Post
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.



passwd: files ldap
group: files ldap
shadow: files ldap
automount: ldap

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

Thanks
fahad
What is the output of..

Code:
root@host# getent passwd azizf 
root@host# grep azizf /etc/passwd
 
Old 04-18-2010, 06:55 AM   #5
fahadaziz
LQ Newbie
 
Registered: Aug 2008
Posts: 27

Original Poster
Rep: Reputation: 15
root@host:~# getent passwd azizf
root@host:~# azizf:x:8185:136:Fahad Bin Aziz:/home/azizf:/bin/bash
-----------------------------------------------
root@host:~# grep azizf /etc/passwd
root@host:~#

It does not return any thing....
-----------------------------------------------
 
Old 04-18-2010, 09:19 AM   #6
frndrfoe
Member
 
Registered: Jan 2008
Distribution: RHEL, CentOS
Posts: 375

Rep: Reputation: 38
Does your password section of common-auth or system-auth in /etc/pam.d/ have any calls to the ldap module?
 
Old 04-19-2010, 05:49 AM   #7
fahadaziz
LQ Newbie
 
Registered: Aug 2008
Posts: 27

Original Poster
Rep: Reputation: 15
Smile

The output of /etc/pam.d/common-auth file is as follows

# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
#auth requisite pam_unix.so nullok_secure
#auth optional pam_smbpass.so migrate missingok

auth sufficient pam_ldap.so
auth required pam_unix.so use_first_pass nullok_secureroot@:host1/et

where host1 refers to the machine where ldap server is configured...

Thanks,
Fahad Bin Aziz.
 
Old 04-19-2010, 01:46 PM   #8
frndrfoe
Member
 
Registered: Jan 2008
Distribution: RHEL, CentOS
Posts: 375

Rep: Reputation: 38
Is there no section that starts with "password"? Or is there a file called passwd in /etc/pam.d?

The file /etc/pam.d/sshd should be a good clue to what file is being addressed for password manipulation (perhaps something like "password include common-auth"), that is where you also need to have pam_ldap.so to be able to change ldap stored passwords.

Last edited by frndrfoe; 04-19-2010 at 01:49 PM.
 
Old 04-20-2010, 07:07 AM   #9
fahadaziz
LQ Newbie
 
Registered: Aug 2008
Posts: 27

Original Poster
Rep: Reputation: 15
Smile

the output of passwd file....
__________________________________
root@host1:/etc/pam.d# cat passwd
#
# The PAM configuration file for the Shadow `passwd' service
#

@include common-password
---------------------------------------
The output of sshd file
________________________
root@host1:/etc/pam.d# cat sshd
# PAM configuration for the Secure Shell service

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth required pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/locale, so read that as well.
auth required pam_env.so envfile=/etc/default/locale

# Standard Un*x authentication.
@include common-auth

# Disallow non-root logins when /etc/nologin exists.
account required pam_nologin.so

# Uncomment and edit /etc/security/access.conf if you need to set complex
# access limits that are hard to express in sshd_config.
# account required pam_access.so

# Standard Un*x authorization.
@include common-account

# Standard Un*x session setup and teardown.
@include common-session

# Print the message of the day upon successful login.
session optional pam_motd.so # [1]

# Print the status of the user's mailbox upon successful login.
session optional pam_mail.so standard noenv # [1]

# Set up user limits from /etc/security/limits.conf.
session required pam_limits.so

# Set up SELinux capabilities (need modified pam)
# session required pam_selinux.so multiple

# Standard Un*x password updating.
@include common-password

-----------------------------------------------------------
 
Old 04-20-2010, 12:59 PM   #10
frndrfoe
Member
 
Registered: Jan 2008
Distribution: RHEL, CentOS
Posts: 375

Rep: Reputation: 38
Quote:
# root@host1:/etc/pam.d# cat sshd
Standard Un*x password updating.
@include common-password
There is probably no call to pam_ldap.so in common-password.
Since you are running a Ubuntu system and I don't have one to check out, check this page for the common-password section. https://help.ubuntu.com/community/LD...Authentication

You can add all your password lines to sshd instead of using the include statement if you want to only effect that service.

Last edited by frndrfoe; 04-20-2010 at 01:07 PM.
 
  


Reply

Tags
client, ldap, password


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how do a user can change its LDAP password on Linux client machine sharjeel Linux - Server 5 05-13-2011 01:25 AM
Configuring Ubuntu 9.10 as client to use Samba/LDAP server for user authentication Xyan Ubuntu 1 01-24-2010 01:22 AM
ubuntu grub unchanged linuxfia Ubuntu 3 06-23-2009 12:58 PM
Ubuntu 8.04 / LDAP / NSS / PAM - not sharing shadow password hence not authenticating fuzzyworm Linux - Server 5 01-01-2009 03:29 PM
Joining an Ubuntu client to Samba LDAP domain kashifazizawan Linux - Server 1 11-15-2008 12:54 PM


All times are GMT -5. The time now is 06:49 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration