User not known to the underlying authentication module
- From: Lane <software.research.development [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: User not known to the underlying authentication module
- Date: Tue, 19 Jan 2016 21:30:07 -0600
I've been having a difficult time trying to log into ldap clients from a master node.
server: OpenLDAP 2.4.43
clients: nss-pam-ldapd 0.9.6
I am able to run an ldapsearch from the master node and see the results. Running ldappasswd from same also seems to run fine.
When trying to log in to an ldap client node from the openldap server node, I see the following...
$ ssh 10.10.10.120
You are required to change your password immediately (root enforced)
WARNING: Your password has expired.
You must change your password now and login again!
(current) LDAP Password:
passwd: User not known to the underlying authentication module
passwd: password unchanged
Connection to 10.10.10.120 closed.
Here are the details on my user.
$ chage -l james
Last password change : Jan 06, 2016
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
These are my client-side and server-side pam.d files (OS is Gentoo).
/etc/pam.d/passwd
auth sufficient pam_rootok.so
auth include system-auth
account include system-auth
password include system-auth
/etc/pam.d/sshd
auth include system-remote-login
account include system-remote-login
password include system-remote-login
session include system-remote-login
/etc/pam.d/system-auth
auth required pam_env.so
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_permit.so
auth sufficient pam_ldap.so use_first_pass
account required pam_unix.so
account optional pam_permit.so
account sufficient pam_ldap.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
password sufficient pam_ldap.so use_authtok use_first_pass
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_permit.so
session optional pam_ldap.so
/etc/pam.d/system-remote-login
auth include system-login
account include system-login
password include system-login
session include system-login
/etc/pam.d/system-login
auth required pam_tally2.so onerr=succeed
auth required pam_shells.so
auth required pam_nologin.so
auth include system-auth
account required pam_access.so
account required pam_nologin.so
account include system-auth
account required pam_tally2.so onerr=succeed
password include system-auth
session optional pam_loginuid.so
session required pam_env.so
session optional pam_lastlog.so silent
session include system-auth
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so
Any help much appreciated.
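
Added example (not part of the original post, and not nss-pam-ldapd code): a small Python helper that flattens the `include` chain in the files quoted above into the effective module order for one management type, and lists the `required` modules that run ahead of `pam_ldap.so`. It assumes simple control keywords only (no `[value=action]` syntax, `substack` or `@include`); `effective_stack` and `required_before` are names made up for this example.

```python
# Constructed input: the "auth" and "password" lines of the pam.d files quoted in the post.
PAM_D = {
    "passwd": "password include system-auth",
    "sshd": "auth include system-remote-login\npassword include system-remote-login",
    "system-remote-login": "auth include system-login\npassword include system-login",
    "system-login": """
auth required pam_tally2.so onerr=succeed
auth required pam_shells.so
auth required pam_nologin.so
auth include system-auth
password include system-auth
""",
    "system-auth": """
auth required pam_env.so
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_permit.so
auth sufficient pam_ldap.so use_first_pass
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
password sufficient pam_ldap.so use_authtok use_first_pass
""",
}

def effective_stack(service, mgmt_type, files=PAM_D, seen=()):
    """Flatten `include` lines into the ordered (control, module, args) list for one type."""
    if service in seen:
        raise ValueError(f"include loop at {service}")
    stack = []
    for line in files[service].splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 3 or fields[0].lstrip("-") != mgmt_type:
            continue
        control, target, args = fields[1], fields[2], fields[3:]
        if control == "include":
            stack += effective_stack(target, mgmt_type, files, seen + (service,))
        else:
            stack.append((control, target, args))
    return stack

def required_before(stack, module):
    """Modules marked required/requisite that run ahead of `module` in the stack."""
    names = [m for _, m, _ in stack]
    cut = names.index(module) if module in names else len(names)
    return [m for c, m, _ in stack[:cut] if c in ("required", "requisite")]

if __name__ == "__main__":
    for t in ("auth", "password"):
        s = effective_stack("sshd", t)
        print(t, [f"{c} {m}" for c, m, _ in s], "ahead of ldap:", required_before(s, "pam_ldap.so"))
```

In libpam a failing `required` module still fails the stack even when a later `sufficient` module succeeds, so the modules listed ahead of `pam_ldap.so` are the ones to check for an account that exists only in LDAP.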