similar to: Changing User password from ssh member server

Hi Rowland, This is a CentOS 6.7 server. I was able to make some progress. I have edited /etc/pam.d/system-auth, and now it looks like: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so account

I have removed use_auhtok from /etc/pam.d/system-auth and now passwd is "kind of" working... I am still able to login with my old password and the new one also. But only on the linux servers that are authenticating through LDAP. On my workstation only the old password (the one I was trying to change through passwd(ssh)) works. I have noticed that my user now has a userPassword

Yes, it is an AD DC. The thing is, the only way I know to change the user password is from a Windows workstation (CTRL+ALT+DEL and go to Change password). I was trying to achieve the same thing through another Linux server that is not the AD DC. So I thought that it would be possible for them to change their AD passwords through "passwd", but it didn't seem to work properly, because

I am trying to configure NIS, PAM, & LDAP on a CentOS 6.2 host. I've previously installed a similar configuration on RHEL4, but CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations are a little different. Currently, local users and groups are showing up but not LDAP users. When I do a /getent passwd/ and/getent group/ I don't get LDAP users. When I do

I am installing smb 3.5 on a CentOS 6.2 host using smbldap-tools. I've previously installed a similar configuration on RHEL4 using smb 3.0 but CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations cannot be moved straight across. When I do a listing of a share directory that should have user and group ownership determined by LDAP, I get the uidNumbers and

Hey, By "through LDAP" I meant that our linux servers would look for the users using pam_ldap. Anyway, I was able to "fix" this by mapping gidNumber to gidNumber instead of primaryGroupID on nslcd.conf. $ id uid=10000(Guilherme) gid=10001(it) grupos=10001(it) On Fri, Aug 21, 2015 at 4:28 PM, Rowland Penny <rowlandpenny241155 at gmail.com > wrote: > On 21/08/15

Hello, I want my domain users to be able to connect to our linux servers using their AD username through LDAP. I am using nslcd and pam_ldap to do so, but I am having some hard time trying to figure out why the GID is not working properly. # getent passwd Guilherme Guilherme:*:10000:*513*:Guilherme:/home/Guilherme:/bin/bash # getent group|grep 513 # id Guilherme uid=10000(Guilherme) gid=513

Hi When I enable a box to do authentication using LDAP it breaks cron for users like jboss. I get the following in /var/log/secure Sep 14 15:25:01 exoipatest01 crond[7214]: pam_access(crond:account): access denied for user `jboss' from `cron' I have the following in /etc/ldap.conf nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,tomcat,radiusd,news,mailman,nscd,jboss

Thanks a lot for looking over the config. I am at the topic "user data is available" id <username> and getent passwd and ldapsearch -x -b "ou=XXX,o=YYY" uid=<username> give the correct results ldapsearch gives also the correct host attribute i have set in the ldap server. Regarding the manpage of sssd.conf the lines access_provider = ldap ldap_access_order =

On 08/10/15 18:59, Guilherme Boing wrote: > Hi Rowland, > > This is a CentOS 6.7 server. > I was able to make some progress. I have edited > /etc/pam.d/system-auth, and now it looks like: > > auth required pam_env.so > auth sufficient pam_unix.so nullok try_first_pass > auth requisite pam_succeed_if.so uid >= 500 quiet > auth

On 08/10/15 19:16, Guilherme Boing wrote: > I have removed use_auhtok from /etc/pam.d/system-auth and now passwd > is "kind of" working... > I am still able to login with my old password and the new one also. > But only on the linux servers that are authenticating through LDAP. > > On my workstation only the old password (the one I was trying to > change through

>> But instead i get >> centos: sshd[7929]: pam_unix(sshd:session): session opened for user >> <username> > > "pam_unix" should be an indication that <username> appears in the local > unix password files. Make sure that it doesn't. Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow > > What do /etc/pam.d/sshd and

On 05/09/2015 01:24 PM, Jonathan Billings wrote: > Is it normal to have pam_unix and pam_sss twice for each each section? No. See my previous message. I think it's the result of copying portions of SuSE configurations.

one more thing: firewalld service and selinux are deactivated. On 05/11/2015 07:06 PM, Ulrich Hiller wrote: > Hmmm...., i have made now a complete new install but the problem > persists: ldap authentication works, but the host attribute is ignored. > > I have installed CentOS7 64bit with KDE. > I did not do any 'yum update' or install of extra packages so far. > >

Greetings!!! I am using samba 3.0.28 clients authenticating AD R2 with SFU 3.5. I have setup nss info to template, sfu get the uid, gid, home dir and shell from AD. The problem is it seems to be working for sometime, and then it says could not get uid/gid pair. I am assuming some kind of caching is causing this. My understanding with SFU is that, there wont be any mappings and the specific user

Hi, Got some issues regarding Kerberos and Directory Server and hope someone can help me out. Used these for the configiruation : http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-kerberos.html http://www.redhat.com/docs/manuals/dir-server/8.1/install/index.html Server : CentOS 5.4 with Kerberos and Directory Server installed Client : CentOS 5.4 I use putty to connect to the client,

Hi all, I am a bit confused about the usage of pam_mount. Here is my /etc/pam.d/system-auth: auth required pam_env.so auth required pam_mount.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth required pam_deny.so account

Hi, I am setting up ctdb samba, and have hit a brick wall trying to solve the following issue. 1. getent does not retrieve the list of domain users or groups (wbinfo works fine) I'm not sure what I'm missing but I've almost spent the whole day trying to resolve this one and haven't made any progress :-( Any help or suggestions are appreciated My configuration is

passwd: Authentication token manipulation error smbpasswd: machine 127.0.0.1 rejected the password change: Error was : Wrong Password best regards [FACILITY/btombul at samba ~]$ passwd Changing password for user FACILITY/btombul. Changing password for FACILITY/btombul (current) NT password: New password: Retype new password: passwd: Authentication token manipulation error [FACILITY/btombul at

maybe it'll work when f27 comes out in a few days I'll wait for it. On Mon, Oct 30, 2017 at 3:05 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > for this machine it was unimportant. I will just use local accounts to > login it is only one user > I did remove sssd and went back to my original smb.conf but it still shows > > [root at squints ~]# getent passwd