
Re: Password Problems



I haven't figured out the problem yet, and I've been trying many things to fix it. I'm using authconfig on Red Hat, and here's /etc/pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so


account     required      /lib/security/pam_unix.so
account     required      /lib/security/pam_ldap.so

password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so


session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so

ACLs now look like this (thanks to a previous suggestion):
access to attribute=userPassword
       by dn="uid=root,dc=solomon,dc=physics,dc=sc,dc=edu" write
       by self write
       by * read
       by anonymous auth
access to * by * read

Any help would be appreciated on this.

Thanks!

I'm still having difficulty with changing the password for a user. I've looked at the logs, error messages, and through debugging (and give them below), and I have no clue what the problem could be. Any help at resolving this problem would be much appreciated, as I cannot see what is causing the problem in the first place...

slapd debug:
>>> dnPrettyNormal: <uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu>
=> ldap_bv2dn(uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu,0)
<= ldap_bv2dn(uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu,272)=0
<<< dnPrettyNormal: <uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu>,
<uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu>
do_bind: version=3 dn="uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu"
method=128
conn=7 op=2 BIND dn="uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu" method=128
==> bdb_bind: dn: uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu
bdb_dn2entry_rw("uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu")
=> bdb_dn2id_matched( "uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu" )
====> bdb_cache_find_entry_dn2id("uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu"): 10 (1 tries)
====> bdb_cache_find_entry_id( 10 ) "uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu" (found) (1 tries)
=> access_allowed: auth access to
"uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu" "userPassword" requested
=> acl_get: [1] check attr userPassword
<= acl_get: [1] acl uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu attr:
userPassword
=> acl_mask: access to entry "uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu",
attr "userPassword" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: uid=root,dc=solomon,dc=physics,dc=sc,dc=edu
=> string_expand: pattern: uid=root,dc=solomon,dc=physics,dc=sc,dc=edu
=> string_expand: expanded: uid=root,dc=solomon,dc=physics,dc=sc,dc=edu
=> regex_matches: string:
=> regex_matches: rc: 1 no matches
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth(=x) (stop)
<= acl_mask: [2] mask: auth(=x)
=> access_allowed: auth access granted by auth(=x)
send_ldap_result: conn=7 op=2 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=3 tag=97 err=49


/var/log/messages:
Jul 8 12:25:11 solomon passwd[10635]: pam_ldap: error trying to bind as user
"uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu" (Invalid credentials)


Passwd:
[yossefk@solomon yossefk]$ passwd
Enter login(LDAP) password:
LDAP Password incorrect: try again

ACLs in slapd.conf:
access to attribute=userPassword
       by dn="uid=root,dc=solomon,dc=physics,dc=sc,dc=edu" write
       by anonymous auth
       by self write
       by * auth
access to * by * read


Thanks!
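Added example, not from the original post: a small Python model of slapd's first-match evaluation of the two userPassword ACL blocks quoted above, using the DNs from the post plus a constructed second user. It shows which "by" clause each requester hits (the "[2] applying auth(=x)" line in the slapd debug output corresponds to the anonymous clause of the slapd.conf block, so the bind was permitted by the ACL before err=49 came back) and that the earlier block's "by * read" placed ahead of "by anonymous auth" grants read on userPassword to any requester.

```python
# Added example (not from the original post): a model of how slapd picks the
# first matching "by" clause in the two userPassword ACL blocks quoted above.
# A simple bind needs "auth" on userPassword; a user changing their own
# password through pam_ldap needs "write" on it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

ACL_FIRST = """
access to attribute=userPassword
       by dn="uid=root,dc=solomon,dc=physics,dc=sc,dc=edu" write
       by self write
       by * read
       by anonymous auth
"""
ACL_SLAPD_CONF = """
access to attribute=userPassword
       by dn="uid=root,dc=solomon,dc=physics,dc=sc,dc=edu" write
       by anonymous auth
       by self write
       by * auth
"""
ROOT = "uid=root,dc=solomon,dc=physics,dc=sc,dc=edu"
USER = "uid=yossefk,dc=solomon,dc=physics,dc=sc,dc=edu"
OTHER = "uid=someone,dc=solomon,dc=physics,dc=sc,dc=edu"  # constructed second user

def parse_by_clauses(text):
    # Collect the 'by <who> <level>' lines of one access clause as (who, level).
    clauses = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "by":
            who, level = parts[1], parts[2]
            if who.startswith("dn="):
                who = "dn=" + who[3:].strip('"')  # dn="..." -> dn=...
            clauses.append((who, level))
    return clauses

def first_match(clauses, requester_dn, target_dn):
    # (1-based clause index, who, level) of the first matching clause; "" = anonymous.
    for i, (who, level) in enumerate(clauses, 1):
        if (who == "*"
                or (who == "anonymous" and requester_dn == "")
                or (who == "self" and requester_dn and requester_dn == target_dn)
                or (who.startswith("dn=") and requester_dn == who[3:])):
            return i, who, level
    return None, None, "none"  # no clause matched: slapd denies

def allowed(clauses, requester_dn, target_dn, needed):
    # True when the granted level is at least the level the operation needs.
    _, _, level = first_match(clauses, requester_dn, target_dn)
    return LEVELS.index(level) >= LEVELS.index(needed)
```

Clause order matters because slapd stops at the first matching "by" line, so a catch-all "by *" should come last and should grant no more than auth on userPassword.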