local users not working, but ldap ones are fine

["Pete Clarke" <pete@devilincarnate.eclipse.co.uk>]

Hi there,

I have a working LDAP environment, running Open Ldap on a Debian Sarge 
installation. This is all good - users can log in, change passwords etc. 
without a problem.
What doesn't work are users contained in the /etc/passwd file - i.e. I can 
log into a system using an LDAP users, but not a local one.
I cannot change the root passord either - I get the following error:

alderney:/etc/pam.d# passwd
passwd: Authentication information cannot be recovered

The contents of my pam.d/common-* files are:

common-account:
account         sufficient      pam_ldap.so
account         required        pam_unix.so try_first_pass

common-auth:
auth    sufficient      pam_ldap.so
auth    required        pam_unix.so nullok_secure use_first_pass

common-password:
password   sufficient pam_ldap.so
password   required   pam_unix.so nullok obscure min=4 max=8 md5 
use_first_pass

common-session:
session     sufficient  pam_ldap.so
session     required    pam_unix.so

nsswitch.conf:
passwd:         files ldap
group:          files ldap
shadow:         files ldap
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

I have a user in /etc/passwd that I cannot do anything with. I created it in 
the normal way (groupadd/useradd) but if I try to set a password I get:

alderney:/home/pclarke# passwd cvs-admin
passwd: Authentication information cannot be recovered

So, LDAP users work fine - login/out, change password etc. but local file 
users cannot do anything. I can't even change the root password.

Any ideas?


Cheers,



Pete.