Re: User not known to the underlying authentication module

[Lane <software.research.development [at] gmail.com>]

Ok, forget my last post. Figured out that nslcd in debug prints to stdout so took it out of the background. Here's a paste that shows the command I give trying to log into my ldap client, with nslcd in debug.

http://pastebin.com/NP81N5Cx

So it looks like my client is hitting the openldap server. Does anyone see anything that might be wrong here?

On Wed, Jan 20, 2016 at 1:15 PM, Arthur de Jong <arthur [at] arthurdejong.org> wrote:

On Tue, 2016-01-19 at 21:30 -0600, Lane wrote:
> When trying to log in to an ldap client node from the openldap server
> node, I see the following...
>  
> $ ssh 10.10.10.120
> You are required to change your password immediately (root enforced)
> WARNING: Your password has expired.
> You must change your password now and login again!
> (current) LDAP Password:
> passwd: User not known to the underlying authentication module
> passwd: password unchanged
> Connection to 10.10.10.120 closed.
>  
> Here's the details on my user.
>  
> $ chage -l james
> Last password change                                    : Jan 06,
> 2016

This seems to suggest that your user is in /etc/passwd and not coming
from LDAP. On my system chage parses the files in /etc directly instead
of using NSS.

To get more information you can add the debug option in your PAM
configuration to both pam_unix and pam_ldap. Even more debug
information can be found by running nslcd in debug mode with -d. Be
sure to disable (u)nscd when debugging.

Hope this helps,

--
-- arthur - arthur [at] arthurdejong.org - http://arthurdejong.org/ --


--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe [at] lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/