
User not known to the underlying authentication module

I've been having a difficult time trying to log into ldap clients from a master node.

server: OpenLDAP 2.4.43
clients: nss-pam-ldapd 0.9.6

I am able to run an ldapsearch from the master node and see the results. Running ldappasswd from the same also seems to run fine.

When trying to log in to an ldap client node from the openldap server node, I see the following...
$ ssh
You are required to change your password immediately (root enforced)
WARNING: Your password has expired.
You must change your password now and login again!
(current) LDAP Password:
passwd: User not known to the underlying authentication module
passwd: password unchanged
Connection to closed.

Here are the details on my user.
$ chage -l james
Last password change                                    : Jan 06, 2016
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

These are my client-side and server-side pam.d files (OS is Gentoo):

auth       sufficient
auth       include      system-auth
account    include      system-auth
password   include      system-auth

auth       include      system-remote-login
account    include      system-remote-login
password   include      system-remote-login
session    include      system-remote-login

auth            required
auth            required try_first_pass likeauth nullok
auth            optional
auth            sufficient use_first_pass
account         required
account         optional
account         sufficient
password        required difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password        required try_first_pass use_authtok nullok sha512 shadow
password        optional
password        sufficient use_authtok use_first_pass
session         required
session         required
session         required
session         optional
session         optional

auth       include      system-login
account    include      system-login
password   include      system-login
session    include      system-login

auth       required _onerr_=succeed
auth       required
auth       required
auth       include      system-auth
account    required
account    required
account    include      system-auth
account    required _onerr_=succeed
password   include      system-auth
session    optional
session    required
session    optional silent
session    include      system-auth
session    optional motd=/etc/motd
session    optional

Any help much appreciated.