On January 15, 2010 07:14:06 pm Fulda, Paul R (IS) wrote:
> Ok, I got the Password Policy somewhat working; now the problem is
> with gdm and pam. I get the following error when trying to change the
> user's password from a Fedora 11 client machine login window. This
> happens after I reset their password from the Directory Server GUI.
> Here are the errors:
> pam: gdm-password: pam_unix (gdm-password:auth): authentication failure
> pam: gdm-password: pam_unix (gdm-password:chauthtok): user "smiths" does not exist in /etc/passwd
> Note that smiths is an ldap account, not a local account. I have
> Googled this problem with no luck. I am hoping that someone in the LDAP
> world has come across this with a fix.
> Thanks in advance!
Disclaimer: I normally use kdm, which just works as long as pam is
configured properly.
Check your pam/nss ldap settings. Try running 'getent passwd' to see if the
nss system can see your ldap users. Check your ldap logs if you can't see
them there. If getent (passwd|group) can't see any of your groups or users,
you definitely won't be able to log in.
If you can see your accounts in getent passwd, try logging in with the user
from a terminal window. Again check the ldap logs if errors are thrown.
This is likely a PAM issue if you can't log in. Check the settings
in /etc/pam_ldap.conf (or wherever your distro keeps it), as well as
in /etc/pam.d. Sometimes there can be typos in your pam_ldap file sending
the searches to the wrong OUs etc. Checking ldap logs and traffic can
verify this (i.e. on the ldap server you might get an error 32 for no such
object).
You might want to disable start_tls while configuring/troubleshooting these
issues. I find it helpful to be running wireshark and looking at the ldap
traffic back and forth.
Ryan Braun
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: 204-833-2500x2625 CSN: 257-2625 FAX: 204-833-2558
E-Mail: Ryan.Braun(a)ec.gc.ca
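As an added example, not part of Ryan's reply or anything else in the thread, the shell below turns his checklist into functions a client admin can run: does NSS resolve the user (getent), do the passwd and group lines of nsswitch.conf list ldap, and does the login service's PAM stack actually reach pam_ldap.so for auth, account and password (the chauthtok phase that failed above), following "include" lines the way Fedora's gdm-password pulls in system-auth. The function names and the sample passwd, nsswitch.conf and pam.d files written by setup_samples are constructed for illustration; on a real client the inputs are /etc/passwd, /etc/nsswitch.conf and /etc/pam.d/*.

```shell
#!/bin/sh
# Added example, not from the thread. Offline-checkable helpers for the
# checks in Ryan's reply. setup_samples writes constructed sample files;
# on a real client use /etc/passwd, /etc/nsswitch.conf and /etc/pam.d/*.

# nss_source_of USER [PASSWD_FILE] -> local | nss | missing
# "nss" means only a non-file source (e.g. nss_ldap) resolves USER;
# "missing" means getent cannot see USER at all, so fix NSS before PAM.
nss_source_of() {
    if grep -q "^$1:" "${2:-/etc/passwd}"; then echo local
    elif getent passwd "$1" >/dev/null 2>&1; then echo nss
    else echo missing
    fi
}

# nsswitch_uses_ldap NSSWITCH_FILE DATABASE   (passwd, group, shadow, ...)
nsswitch_uses_ldap() {
    awk -v db="$2:" '$1 !~ /^#/ && $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") f = 1 }
        END { exit f ? 0 : 1 }' "$1"
}

# pam_has_module PAM_FILE TYPE MODULE
# True if an uncommented TYPE line (auth/account/password/session) loads
# MODULE, following "include"/"substack" lines (Fedora's gdm-password
# includes system-auth). Every field from the third on is scanned so that
# bracketed controls like [success=ok default=bad] do not hide the module.
pam_has_module() {
    awk -v t="$2" -v m="$3" '$1 !~ /^#/ && $1 == t { for (i = 3; i <= NF; i++) if ($i == m) f = 1 }
        END { exit f ? 0 : 1 }' "$1" && return 0
    # the word list is expanded once, so the recursion below cannot clobber it
    for inc in $(awk -v t="$2" -v d="$(dirname "$1")" \
        '$1 !~ /^#/ && $1 == t && ($2 == "include" || $2 == "substack") { print d "/" $3 }' "$1"); do
        pam_has_module "$inc" "$2" "$3" && return 0
    done
    return 1
}

# check_ldap_login USER NSSWITCH_FILE PAM_SERVICE_FILE [PASSWD_FILE]
# Prints one line per finding; the return value is the number of problems.
check_ldap_login() {
    problems=0
    src=$(nss_source_of "$1" "${4:-/etc/passwd}")
    echo "nss: $1 is $src"
    [ "$src" = missing ] && problems=$((problems + 1))
    for db in passwd group; do
        nsswitch_uses_ldap "$2" "$db" ||
            { echo "nsswitch: '$db:' does not list ldap"; problems=$((problems + 1)); }
    done
    for t in auth account password; do
        pam_has_module "$3" "$t" pam_ldap.so ||
            { echo "pam: $t stack of $(basename "$3") never reaches pam_ldap.so"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# setup_samples: constructed sample files in a temp dir; prints its path
setup_samples() {
    d=$(mktemp -d); mkdir -p "$d/pam.d"
    printf 'smiths:x:5001:5001::/home/smiths:/bin/bash\n' > "$d/passwd.local"
    : > "$d/passwd.empty"
    printf 'passwd: files\ngroup: files\n' > "$d/nsswitch.weak"
    printf 'passwd: files ldap\ngroup: files ldap\n' > "$d/nsswitch.fixed"
    for s in '' .unixonly; do    # gdm-password and a variant without pam_ldap
        printf 'auth include system-auth%s\naccount include system-auth%s\npassword include system-auth%s\n' \
            "$s" "$s" "$s" > "$d/pam.d/gdm-password$s"
    done
    cat > "$d/pam.d/system-auth" <<'EOF'
auth     sufficient pam_unix.so nullok try_first_pass
auth     sufficient pam_ldap.so use_first_pass
auth     required   pam_deny.so
account  required   pam_unix.so broken_shadow
account  [default=bad success=ok user_unknown=ignore] pam_ldap.so
password requisite  pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required   pam_deny.so
EOF
    # same stack with pam_ldap.so removed: only pam_unix ever handles chauthtok
    grep -v pam_ldap.so "$d/pam.d/system-auth" > "$d/pam.d/system-auth.unixonly"
    echo "$d"
}

d=$(setup_samples)
echo "== client without ldap in nsswitch/pam =="
check_ldap_login smiths "$d/nsswitch.weak" "$d/pam.d/gdm-password.unixonly" "$d/passwd.empty" || echo "-> $? problem(s)"
echo "== client with nss_ldap and pam_ldap configured =="
check_ldap_login smiths "$d/nsswitch.fixed" "$d/pam.d/gdm-password" "$d/passwd.local" && echo "-> ok"
rm -rf "$d"
```

In the sample system-auth the password stack runs pam_unix first (it rejects a user it cannot find in /etc/passwd) and then hands the change to pam_ldap via use_authtok, so the thing to confirm on the client is that pam_ldap.so really is on the password stack that gdm-password ends up using; `pam_has_module /etc/pam.d/gdm-password password pam_ldap.so` answers that, including through the include chain.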