On 11/02/2012 08:00 AM, 389-users-request(a)lists.fedoraproject.org wrote:
> Today's Topics:
>
> 1. LDAP authentication related - CANNOT change password by
> running passwd on clients (albert.solaris)
> 2. Re: LDAP authentication related - CANNOT change password by
> running passwd on clients (Dan Lavu)
> 3. Re: LDAP authentication related - CANNOT change password by
> running passwd on clients (Grzegorz Dwornicki)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 01 Nov 2012 16:02:39 -0400
> From: "albert.solaris" <albert.solaris(a)gmail.com>
> To: 389 Mail list <389-users(a)lists.fedoraproject.org>
> Subject: [389-users] LDAP authentication related - CANNOT change
> password by running passwd on clients
> Message-ID: <5092D55F.8020001(a)gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
>
> I am stuck in the 389 DS implementation, hope someone could help me out.
>
> My situation is that I am trying to establish a cute enterprise
> environment with VMWorkstation and CentOS. All guest OSs are CentOS 6.3
> based. So far I have got DNS, DHCP, gateway, and file server working
> perfectly; however, the 389 LDAP server here, hmm... I would say it is
> partially working. And this is also where you come in.
>
> What does it mean by 'partially working' exactly? Let me tell you.
>
> What happened here is that I've installed and configured 389 DS without
> SSL/TLS enabled, and migrated the local users on my file server to LDAP
> already. Now, from my DHCP clients, which are also LDAP clients, I can
> retrieve information from the LDAP server by running ldapsearch, and I can
> even switch to regular users (i.e. user1/user2/.../user10 created on the file
> server) with the autofs home directory mounted automatically. Somehow, I
> cannot change the password by running the passwd command.
>
> Here is what I got when changing.
> [root@dhcpclient sssd]# su - user1
> [user1@dhcpclient ~]$
> [user1@dhcpclient ~]$ passwd
> Changing password for user user1.
> Current Password:
> passwd: Authentication token manipulation error
> [user1@dhcpclient ~]$
>
> I am new to Linux, so I have no idea about the reason behind that. Is it
> an LDAP ACL issue, or an sssd configuration issue, or a PAM security issue,
> or whatever else?
>
> If you could help me out, that would be great. Please let me know if
> you want any configuration files from me. I don't want to attach
> everything here to scare you.
>