On 12/17/2012 10:42 PM, George Stoynev wrote:
Hi all,

I tried to search through the list but did not find what I was looking for.

I am testing 389-ds installation and password policies implementation. I installed it both on Ubuntu 12.04 Server and on CentOS 6.3. I am still at the beginning, as I am stuck finding out why the Ubuntu client does not honor the server's password policies.

The install is pretty basic, I ran setup-ds-admin.pl, followed by the default options and got an LDAP server running. Then from the console (not too comfortable with the commands in this case), enabled Fine-Grained password policy for the whole tree and ticked "User must change password after reset". All good for now. And here is the trick:

On CentOS, I just ran authconfig-tui and enabled LDAP Client Authentication. Then "su - test_ldap" was successful and I got a message, stating "You are required to change your LDAP password immediately.". Happy!
But I cannot make the Ubuntu client do the same. The best I can do with it is to log in to the server. It does not honor the password policies - no notifications for the users, login successful after password expired, etc.

The Ubuntu client is 12.04 and I strictly followed their community wiki to set up PAM and be able to log in. Btw, "getent passwd" and "id" work just fine, I can bind to the server, but no password policies.

How can I fix this?

Replying to the right list.


Any advice will be greatly appreciated!

Thank you,
George S.