[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: No more logins after upgrade to deb 5.0

* Axel Werner (info@awerner.homeip.net) [04.03.09 14:39]:
> Hello Debian Gurus!
> I got a realy realy BAD problem after Upgrade from Debian 4.x Etch to 
> Debian 5.0 Lenny i was not able to resolve or even trace the source of 
> trouble. Maybe one of you guys can help me find the problem.
> Problem:
> After upgrading from Debian 4.x to 5.x without any further configuration 
> attempts my LDAP Authentication configuration fails. To be more specific, 
> only LDAP/SMB Users whos ldap password is expired are no more able to login 
> to console or via ssh. On SSH they will get an „Access denied“ message, 
> on console they get an „Login incorrect“.
> If an LDAP Administrator resets that users password and/or as long their 
> ldap password is not expired the user can login anywhere just fine. If his 
> pw expired he is locked out again.

> This behaviour is WRONG! With Debian 4.x this worked just fine with my 
> configuration (same as with debian 5.0).

No need to shout...

This behaviour is totally right. You shouldn't be able to log in with an 
expired password.

The difference may be that ssh now uses pam: examine /etc/ssh/sshd_config 

> Finding the BAD
> so NO SIR! The Credentials are correct!! But WHY is pam_ldap complaining 
> ????

No Sir, the credentials are *not* correct: the password is expired!

> Could you please HELP me to find the Problem ?
> regards
> Axel
> PS:

[awfull lot of configs]

Don't have the time to diff this with my eyes...


 " Religion ist das Opium des Volkes. "      Karl Marx

 SEB@STI@N GÜNTHER         mailto:samson@guenther-roetgen.de

Attachment: pgp64vUZTbuaA.pgp
Description: PGP signature

Reply to: