Guilherme Boing
2015-Oct-08 17:38 UTC
[Samba] Changing User password from ssh member server
Hi, I am authenticating users on our linux servers using nslcd/pam_ldap. Authentication is fine, however, it is not possible for the user to change the password from the server. Is there a way to make it work ? [Guilherme at server ~]$ passwd Changing password for user Guilherme. passwd: Authentication token manipulation error Oct 8 14:37:53 server passwd: pam_unix(passwd:chauthtok): user "Guilherme" does not exist in /etc/passwd
Guilherme Boing
2015-Oct-08 17:45 UTC
[Samba] Changing User password from ssh member server
Actually it is not a samba member server. This is just a normal CentOS 6.7 running with nslcd/pam_ldap. On Thu, Oct 8, 2015 at 2:38 PM, Guilherme Boing <kolt+samba at frag.com.br> wrote:> Hi, > > I am authenticating users on our linux servers using nslcd/pam_ldap. > Authentication is fine, however, it is not possible for the user to change > the password from the server. > > Is there a way to make it work ? > > [Guilherme at server ~]$ passwd > Changing password for user Guilherme. > passwd: Authentication token manipulation error > > Oct 8 14:37:53 server passwd: pam_unix(passwd:chauthtok): user > "Guilherme" does not exist in /etc/passwd > >
On 08/10/15 18:38, Guilherme Boing wrote:> Hi, > > I am authenticating users on our linux servers using nslcd/pam_ldap. > Authentication is fine, however, it is not possible for the user to change > the password from the server. > > Is there a way to make it work ? > > [Guilherme at server ~]$ passwd > Changing password for user Guilherme. > passwd: Authentication token manipulation error > > Oct 8 14:37:53 server passwd: pam_unix(passwd:chauthtok): user "Guilherme" > does not exist in /etc/passwdWhat sort of Linux server? Rowland
Guilherme Boing
2015-Oct-08 17:59 UTC
[Samba] Changing User password from ssh member server
Hi Rowland, This is a CentOS 6.7 server. I was able to make some progress. I have edited /etc/pam.d/system-auth, and now it looks like: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 typepassword sufficient pam_unix.so sha512 shadow nullok try_first_pass password sufficient pam_ldap.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session optional pam_ldap.so session required pam_mkhomedir.so skel=/etc/skel umask=0022 session required pam_unix.so Now passwd works, but not really: [Guilherme at server ~]$ passwd Changing password for user Guilherme. Enter login(LDAP) password: New password: Retype new password: LDAP password information changed for Guilherme passwd: all authentication tokens updated successfully. After that, I have logged out and logged in with the same old password. The password didn't seem to update. On Thu, Oct 8, 2015 at 2:47 PM, Rowland Penny <rowlandpenny241155 at gmail.com> wrote:> On 08/10/15 18:38, Guilherme Boing wrote: > >> Hi, >> >> I am authenticating users on our linux servers using nslcd/pam_ldap. >> Authentication is fine, however, it is not possible for the user to change >> the password from the server. >> >> Is there a way to make it work ? >> >> [Guilherme at server ~]$ passwd >> Changing password for user Guilherme. >> passwd: Authentication token manipulation error >> >> Oct 8 14:37:53 server passwd: pam_unix(passwd:chauthtok): user >> "Guilherme" >> does not exist in /etc/passwd >> > > What sort of Linux server? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >