R: R: pwdReset problem in CentOS 7
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
R: R: pwdReset problem in CentOS 7
- From: <nsspamldapd12 [at] iotti.biz>
- To: <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: R: R: pwdReset problem in CentOS 7
- Date: Mon, 14 Jan 2019 12:03:08 +0100
> -----Messaggio originale-----
> Da: Luigi Iotti <luigi@iotti.biz>
> Inviato: domenica 13 gennaio 2019 23:31
> A: 'Arthur de Jong' <arthur@arthurdejong.org>; 'nss-pam-ldapd-
> users@lists.arthurdejong.org' <nss-pam-ldapd-
> users@lists.arthurdejong.org>
> Oggetto: R: R: pwdReset problem in CentOS 7
>
> > > nslcd: [e45d32] <authc="lux"> DEBUG:
> > > ldap_sasl_bind("uid=lux,ou=Tecnici,ou=People,dc=test,dc=it","***")
> > > (uri="ldap://127.0.0.1/";) (ppolicy=yes)
> > > nslcd: [e45d32] <authc="lux"> DEBUG: got
> > > LDAP_CONTROL_PASSWORDPOLICYRESPONSE (Password must be
> > changed)
> > > nslcd: [e45d32] <authc="lux"> DEBUG:
> > > myldap_search(base="uid=lux,ou=Tecnici,ou=People,dc=test,dc=it",
> > > filter="(objectClass=*)")
> > > nslcd: [e45d32] <authc="lux"> ldap_result() failed: Insufficient
> > > access: Operations are restricted to
> > > bind/unbind/abandon/StartTLS/modify password
> >
> > The problem here may be that the policy does not provide any grace
> > logins left but I'm not 100% sure. It could be that the PAM stack does
> > not provide the correct answers. To get more information add the debug
> > option to the pam_ldap.so lines in your PAM stack (at least for auth and
> account parts).
>
> Hi Arthur,
>
> the problem vanished. The only thing I did was to replace the nslcd binary
> with one I recompiled wirh debug messages wide spread. I'm sorry, if/when I
> find the real thig that did correct the problem, I'll post about it here.
> Disappointing, but I double checked all the configs involved.
> Now I have another little problem I write in a separate message.
I found what I forgot I did among various tests, which solved the problem. Too
bad my memory is so exhausted. So for future reference, and for googlers:
To handle pwdReset on CentOS7, I upgraded nss-pam-ldapd to the current version,
0.9.10, then ran authconfig to configure it (authconfig --enableldap
--enableldapauth --ldapserver=ip.ad.dr.es --ldapbasedn="dc=test,dc=it"
--enablemkhomedir --updateall) then added to nslcd.conf pam_authc_search NONE.
This last step was needed in this setup, and was the one I did not remember.
But now it works:)
Thank you again.
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/
