I have created 3-4 LDAP users, namely ldapuser1, 2, 3 and 4, when I created the server. At that time I was able to log in on the LDAP clients.
But now I am unable to log in to the LDAP client with these users. While logging in with an ldapuser, after entering the password it gives the error "Server unexpectedly closed network connection".
I have also changed the LDAP user's password, but still to no avail.
If I create new LDAP users, I can log in to the LDAP client with that user.
I have tried this on all LDAP clients. On all clients I can log in with a newly created user, but I cannot log in with the existing old LDAP users.
Then, on checking further, I saw in the logs that "ldapuser1" has expired and is locked.
Date LDAPClient unix_chkpwd[10173]: password check failed for user (ldapuser1)
Date LDAPClient sshd[10160]: pam_unix(sshd:account): account ldapuser1 has expired (failed to change password)
Date LDAPClient sshd[10160]: pam_ldap(sshd:account): password expired 176 days ago, account locked 146 days ago; user=ldapuser1
Date LDAPClient sshd[10160]: Failed password for ldapuser1 from IPport 58854 ssh2
Date LDAPClient sshd[10160]: fatal: Access denied for user ldapuser1 by PAM account configuration [preauth]
Date LDAPClient sshd[10160]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP user=ldapuser1
My questions are as below.
1. Besides the logs, how can I check whether my LDAP user is expired or going to expire? Is there any command for this?
2. How do I fix the current issue?
When I log in to the LDAP client with the password "lV4cDWqc", it still gives me the error message "Server unexpectedly closed network connection".
Please find the logs below.
Dec 14 19:51:18 LDAPClient unix_chkpwd[39254]: password check failed for user (ldapuser1)
Dec 14 19:51:18 LDAPClient sshd[39239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.21.148.75 user=ldapuser1
Dec 14 19:51:18 LDAPClient sshd[39239]: pam_unix(sshd:account): account ldapuser1 has expired (failed to change password)
Dec 14 19:51:18 LDAPClient sshd[39239]: pam_ldap(sshd:account): password expired 182 days ago, account locked 152 days ago; user=ldapuser1
Dec 14 19:51:18 LDAPClient sshd[39239]: Failed password for ldapuser1 from 10.21.148.75 port 52546 ssh2
Dec 14 19:51:18 LDAPClient sshd[39239]: fatal: Access denied for user ldapuser1 by PAM account configuration [preauth]
This may be because I do not have the "pwdChangedTime" parameter in my password policy. My current password policy is as below.
This attribute is auto-created when the user changes his password.
Since I don't use ppolicy, I had to read that the format is YYYYMMDDhhmmssZ, so I guess you have to write a script that does the math to find which accounts are about to expire or have expired. You may try this, or adapt it to your needs.
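As an added example (not code from this thread), the script below does that math: it parses pwdChangedTime in the GeneralizedTime format named above, adds the policy's pwdMaxAge, and reports each account as expired, expiring or ok. The LDIF is a constructed sample shaped like ldapsearch output, and the 90-day pwdMaxAge and 14-day warning window are assumed values.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like the output of
#   ldapsearch -x -LLL -b ou=People,dc=example,dc=com uid pwdChangedTime
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
pwdChangedTime: 20170620120000Z

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob
pwdChangedTime: 20170920090000Z

dn: uid=carol,ou=People,dc=example,dc=com
uid: carol
"""
PWD_MAX_AGE = 90 * 86400   # assumed pwdMaxAge of the policy entry, in seconds
WARN_DAYS = 14             # assumed warning window: flag accounts this close to expiry

def parse_generalized_time(value):
    """LDAP GeneralizedTime (YYYYMMDDhhmmssZ) -> timezone-aware UTC datetime."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_ldif(text):
    """Split LDIF into one {attr: value} dict per entry (single-valued attrs only)."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = (line.partition(": ") for line in block.splitlines())
        entries.append({a: v for a, _, v in attrs})
    return entries

def classify(entry, now, max_age=PWD_MAX_AGE, warn_days=WARN_DAYS):
    """Return (uid, status, days): days overdue when expired, else days left."""
    changed = entry.get("pwdChangedTime")
    if changed is None:
        # ppolicy only ages passwords that carry pwdChangedTime; it is written on (re)set
        return entry["uid"], "no-pwdChangedTime", None
    expires = parse_generalized_time(changed) + timedelta(seconds=max_age)
    if expires <= now:
        return entry["uid"], "expired", (now - expires).days
    days_left = (expires - now).days
    return entry["uid"], "expiring" if days_left <= warn_days else "ok", days_left

def report(ldif=SAMPLE_LDIF, now=None):
    """Classify every entry; `now` may be a GeneralizedTime string, else current UTC."""
    now = parse_generalized_time(now) if isinstance(now, str) else (now or datetime.now(timezone.utc))
    return [classify(e, now) for e in parse_ldif(ldif)]

if __name__ == "__main__":
    for uid, status, days in report():
        print(f"{uid:8} {status:18} {'-' if days is None else days}")
```

Feed it real data by piping the ldapsearch output shown in the comment into `parse_ldif`, and read pwdMaxAge from the pwdPolicy entry the users' pwdPolicySubentry points to.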
For point 2, I have executed the command below on the LDAP server:
[root@LDAPSrvr LDAPfiles]# ldappasswd -D "cn=Manager,dc=domain,dc=com" -w <LDAPpasswd> "uid=ldapuser1,ou=People,dc=domain,dc=com"
New password: lV4cDWqc
When I log in to the LDAP client with the password "lV4cDWqc", it still gives me the error message "Server unexpectedly closed network connection".
Huh, I guess that since pwdReset is TRUE, next time the user tries to login, he will be prompted to change his password.
These are, strictly speaking, attributes of the LDAP directory entry, so be sure that you spell them exactly as required by whatever piece of system software will be referencing them.
When I log in with that user, after entering the password it gives me the error "Server unexpectedly closed network connection".
Are you sure the password is correct? Perhaps you have exceeded the maximum number of failed logins.
Anyway, check the server logs (probably /var/log/secure) to get some hints.
I am giving the correct password. Please find the log file attached, from the time of the incident (when I logged in to the LDAP client and got the error message).
Please note: I can successfully log in to the LDAP client using "su".
[<LDAP_client]# su - ldapuser1
Creating home directory for ldapuser1.
Last login: Wed Dec 13 20:23:53 IST 2017 on pts/1
Last failed login: Thu Dec 21 13:18:18 IST 2017 from 10.21.148.75 on ssh:notty
There were 51 failed login attempts since the last successful login.