[389-users] LDAP authentication related - CANNOT change password by running passwd on clients

Dan Lavu dan at lavu.net
Thu Nov 1 20:19:30 UTC 2012


First I would check the ACI (Access Control Instruction), you will see in
IDM, which level in the Tree (ACI), right click, and go to ACI (You can view
all the inherited instructions) and make sure the users who login have the
permission to selfwrite.
The next part, by default this works, but I believe it depends on which
encryption and mapping you're using for your password hash, so you have to
go into the 389 config, check the hashing algorithm and check your
ldap.conf (or are you using sssd?) and make sure the password mapping
attribute is correct.
Hope this helps.
Dan
From: 389-users-bounces at lists.fedoraproject.org [mailto:389-users-bounces at lists.fedoraproject.org] On Behalf Of albert.solaris
Sent: Thursday, November 01, 2012 4:03 PM
To: 389 Mail list
Subject: [389-users] LDAP authentication related - CANNOT change password
by running passwd on clients
I am stuck in the 389 DS implementation, hope someone could help me out.

My situation is that I am trying to establish a cute enterprise environment
with VMWorkstation and CentOS.  All guest OSs are CentOS6.3 based.  So far
I have got DNS, DHCP, Gateway, File server working perfectly;  However, the
389 LDAP server here, Hmm... I would say it is partially working.  And this
is also where you come in.

What does it mean by 'partially working' exactly?  Let me tell you.

What happened here is that I've installed and configured 389 DS without
SSL/TLS enabled, and migrated local users on my file server to the LDAP
already.  Now, from my DHCP clients, also LDAP clients, I can retrieve
information within the LDAP server by running ldapsearch, I can even change
to regular users (i.e. user1/user2/.../user10 created on the file server)
with Autofs home directory mounted automatically.  Somehow, I cannot change
password by running the passwd command.

Here is what I got when changing.
[root at dhcpclient sssd]# su - user1
[user1 at dhcpclient ~]$
[user1 at dhcpclient ~]$ passwd
Changing password for user user1.
Current Password:
passwd: Authentication token manipulation error
[user1 at dhcpclient ~]$

I am new to Linux, so have no idea about the reason behind that.  Is it an
LDAP ACL issue, or sssd configuration issue, or security pam issue, or
whatever else.

If you could help me out, that would be great.  Please let me know if you
want any configuration files from me.  I don't want to attach everything
here to scare you.
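One way to do the ACI check Dan suggests without touching the server: an added example (not from this thread and not 389 DS code) that parses `aci` values in 389 DS syntax, as an `ldapsearch` of the suffix entry would return them, and reports which ACIs grant the bound user `write` on their own `userPassword`, the right a user-initiated `passwd` change through the directory needs. The sample ACIs are constructed; `targetattr!=` negation and deny-over-allow precedence are honoured, while groupdn/roledn subjects are not resolved and simply count as "not self" (my simplification).

```python
import re

# Constructed sample of the "aci" values a suffix entry might carry on a
# 389 DS instance (hypothetical, not taken from the thread above).
SAMPLE_ACIS = [
    '(targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"; '
    'allow (read, search, compare) userdn="ldap:///anyone";)',
    '(targetattr="mail || telephoneNumber || userPassword")(version 3.0; '
    'acl "Enable self write for common attributes"; allow (write) '
    'userdn="ldap:///self";)',
]

TARGETATTR_RE = re.compile(r'\(targetattr\s*(?P<neg>!?)=\s*"(?P<attrs>[^"]*)"\s*\)')
RULE_RE = re.compile(r'acl\s*"(?P<name>[^"]*)"\s*;\s*(?P<verb>allow|deny)\s*'
                     r'\((?P<rights>[^)]*)\)\s*(?P<subject>[^;]*);')
# Bind-rule subjects that include the authenticated user's own entry.
SELF_SUBJECTS = ("ldap:///self", "ldap:///anyone", "ldap:///all")

def parse_aci(aci):
    """Split one ACI into its targetattr clause and its (single) permission rule."""
    rule = RULE_RE.search(aci)
    if not rule:
        raise ValueError(f"unrecognised ACI: {aci}")
    target = TARGETATTR_RE.search(aci)
    # Without a targetattr keyword the ACI targets no attributes (389 DS default).
    attrs = set()
    if target:
        attrs = {a.strip().lower() for a in target.group("attrs").split("||")}
    subject = rule.group("subject").replace(" ", "").lower()
    return {
        "name": rule.group("name"),
        "negated": bool(target and target.group("neg")),
        "attrs": attrs,
        "verb": rule.group("verb"),
        "rights": {r.strip().lower() for r in rule.group("rights").split(",")},
        # groupdn/roledn subjects are not resolved here: treated as "not self".
        "applies_to_self": any(s in subject for s in SELF_SUBJECTS),
    }

def covers(aci, attr):
    """Does this ACI's targetattr clause include attr? Honours targetattr!=."""
    hit = "*" in aci["attrs"] or attr.lower() in aci["attrs"]
    return (not hit) if aci["negated"] else hit

def self_write_grants(acis, attr="userPassword"):
    """Names of ACIs letting a bound user write attr on their own entry.
    Returns [] if any matching deny exists, since deny beats allow in 389 DS."""
    parsed = [parse_aci(a) for a in acis]
    relevant = [p for p in parsed if p["applies_to_self"]
                and ({"write", "all"} & p["rights"]) and covers(p, attr)]
    if any(p["verb"] == "deny" for p in relevant):
        return []
    return [p["name"] for p in relevant if p["verb"] == "allow"]
```

Feed it the real `aci` values from your suffix entry; an empty result for `userPassword` means no self-write grant exists and `passwd` will keep failing at the directory even if sssd and PAM are set up correctly.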