
Re: Password problems



I'm looking at that page, and I'm not sure how it is supposed to help with this problem, although I don't quite understand the following part:

Changing passwords used to be problematic, and this is due to how OpenLDAP is built by default. OpenLDAP compiles with its own MD5 before using the system (crypt(3)) MD5, which makes OpenLDAP look for passwords in a different MD5 format than the crypt(3) MD5 format. Reversing this order fixes the problem and makes OpenLDAP use crypt(3) MD5 first, which means that we can now use pam_ldap to change passwords (the user's login password will be identical to the LDAP password). This has been patched in the Mandrake Linux OpenLDAP updates in MDKA-2003:009; other distributions may or may not have this patch applied. If you do not, you can download the openldap-2.0.27-slapd-Makefile.patch and patch your own OpenLDAP installation (a rebuild would be required).

The logs show this for when I try to log in with bobsmith (user created with LDAP, password successfully changed, but can't log in with it), and with a user who is imported from /etc/passwd (can't change password, tells me incorrect, although it does allow the user to log in to the system using LDAP solely):
Jul  7 12:09:48 solomon last message repeated 2 times
Jul  7 12:12:25 solomon sshd(pam_unix)[6051]: check pass; user unknown
Jul  7 12:12:25 solomon sshd(pam_unix)[6051]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=solomon.physics.sc.edu
Jul  7 12:12:25 solomon sshd[6051]: pam_ldap: error trying to bind as user "uid=bobsmith,dc=solomon,dc=physics,dc=sc,dc=edu" (Invalid credentials)
Jul  7 12:12:33 solomon su(pam_unix)[6004]: session closed for user bobsmith
Jul  7 12:14:13 solomon httpd: nss_ldap: reconnecting to LDAP server...
Jul  7 12:14:13 solomon httpd: nss_ldap: reconnected to LDAP server after 1 attempt(s)
Jul  7 12:15:44 solomon sshd(pam_unix)[6056]: session opened for user yossefk by (uid=0)
Jul  7 12:15:57 solomon passwd[6103]: pam_ldap: error trying to bind as user "uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu" (Invalid credentials)

At this point I'm wondering if it is what it is saying up above, and if so how it is saying to fix that problem...any help would be appreciated.

Thanks.

jawed abbasi wrote:
I would say try the following link. You need to put some sort of hashes in slapd.conf.

Try this link; it is all about Mandrake but it also works on Red Hat:
 
http://www.mandrakesecure.net/en/docs/ldap-auth2.php

Yossef Korang <yossef@yossefk.com> wrote:
Ok, I try to change the password with a user imported from /etc/passwd, and it always tells me LDAP password incorrect.

It's using PAM authentication.


jawed abbasi wrote:
How did you create this user bobsmith and set his password?

I would create a system user and then migrate it to LDAP if you are a beginner. Did you hash the password? If you did, what did you use? I would create the user on Linux in /etc/passwd and migrate it into LDAP and use authentication.

What kind of authentication are you using: TLS or PAM or Kerberos?

There is a whole bunch of questions to ask.



--- Yossef Korang <yossef@yossefk.com> wrote:
  
Ok, I create a test user, called bobsmith, and set the password in LDAP. Now when I try to log in with bobsmith, it tells me password incorrect (using a cleartext password). When I issue passwd, it asks for password, I put it in (it accepts it) and then asks for the new password. I make a new password for the test user this way, and when I try to log in with him, I still can't.

Any suggestions on what is going wrong would be greatly appreciated.

Thanks,
Yossef Korang
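
The documentation paragraph quoted in this thread distinguishes OpenLDAP's own MD5 format from the crypt(3) MD5 format. As an added example (not part of the original messages and not OpenLDAP code), this Python script classifies a userPassword value by its scheme prefix and checks a cleartext password against the digests OpenLDAP computes itself. The function names and sample values are constructed for illustration, and the {CRYPT} string is a placeholder, not a real hash.

```python
import base64
import hashlib
import hmac

# Digest schemes OpenLDAP computes itself: scheme -> (hashlib name, salted)
NATIVE = {"MD5": ("md5", False), "SMD5": ("md5", True),
          "SHA": ("sha1", False), "SSHA": ("sha1", True)}

def classify(value):
    """Return (scheme, description) for one userPassword value."""
    if not value.startswith("{") or "}" not in value:
        return ("CLEARTEXT", "no scheme prefix")
    scheme, rest = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme == "CRYPT":
        kind = "MD5 ($1$)" if rest.startswith("$1$") else "non-MD5"
        return (scheme, "crypt(3) " + kind + ", checked via the system crypt()")
    if scheme in NATIVE:
        return (scheme, "OpenLDAP built-in " + NATIVE[scheme][0] + " digest")
    return (scheme, "scheme not handled by this example")

def make_native(scheme, password, salt=b""):
    """Build a built-in digest value: base64(hash(password + salt) + salt)."""
    algo, salted = NATIVE[scheme]
    salt = salt if salted else b""
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify_native(value, password):
    """True/False for a built-in digest value, None for any other format."""
    scheme, _ = classify(value)
    if scheme not in NATIVE:
        return None
    algo = NATIVE[scheme][0]
    raw = base64.b64decode(value.split("}", 1)[1])
    size = hashlib.new(algo).digest_size
    digest, salt = raw[:size], raw[size:]  # salt is empty for MD5/SHA
    expected = hashlib.new(algo, password.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    # Constructed sample values; the {CRYPT} string is a placeholder, not a real hash.
    samples = [make_native("MD5", "secret"),
               make_native("SMD5", "secret", b"salt"),
               "{CRYPT}$1$PLACEHOLDER$notarealhash",
               "secret"]
    for value in samples:
        print(value, "->", classify(value)[1], "| matches 'secret':",
              verify_native(value, "secret"))
```

A `None` result means the value is in a format this script does not verify, such as {CRYPT}, which is the case the quoted paragraph says depends on how slapd was built.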

    

