Package: nslcd
Version: 0.7.13
Severity: normal

The passwd command is failing when consumer (slave) ldap servers are specified before provider (master) ldap servers in nslcd.conf.

CLI:

username@host:/tmp$ passwd
Enter current password:
You can now choose the new password or passphrase.

A valid password should be a mix of upper and lower case letters, digits, and other characters. You can use a 9 character long password with characters from at least 3 of these 4 classes, or an 8 character long password containing characters from all the classes. An upper case letter that begins the password and a digit that ends it do not count towards the number of character classes used.

A passphrase should be of at least 4 words, 12 to 40 characters long, and contain enough different characters.

Enter new password:
Re-type new password:
Referral
passwd: User not known to the underlying authentication module
passwd: password unchanged

Syslog:

2011-03-07T16:28:12-08:00 host authpriv debug passwd passwd[23236]: pam_ldap(passwd:chauthtok): nslcd authentication; user=username
2011-03-07T16:28:12-08:00 host authpriv debug passwd passwd[23236]: pam_ldap(passwd:chauthtok): authentication succeeded
2011-03-07T16:28:17-08:00 host authpriv debug passwd passwd[23236]: pam_ldap(passwd:chauthtok): nslcd password modify; user=username
2011-03-07T16:28:17-08:00 host authpriv notice passwd passwd[23236]: pam_ldap(passwd:chauthtok): password change failed: Referral; user=username
2011-03-07T16:28:17-08:00 host authpriv debug passwd passwd[23236]: pam_unix(passwd:chauthtok): user "username" does not exist in /etc/passwd
2011-03-07T16:28:17-08:00 host daemon warning nslcd nslcd[22889]: [5558ec] ldap_start_tls_s() failed: Local error (uri="ldaps://ldapmaster.my.tld:636")
2011-03-07T16:28:17-08:00 host daemon err nslcd nslcd[22889]: [5558ec] ldap_passwd_s() without old password failed: Referral
2011-03-07T16:28:17-08:00 host daemon warning nslcd nslcd[22889]: [5558ec] ldap_start_tls_s() failed: Local error (uri="ldaps://ldapmaster.my.tld:636")
2011-03-07T16:28:17-08:00 host daemon err nslcd nslcd[22889]: [5558ec] ldap_passwd_s() with old password failed: Referral

The workaround is to modify nslcd.conf and list the provider (master) server first.

In both cases nslcd.conf contains the line:

referrals yes

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (900, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nslcd depends on:
ii  adduser                  3.112+nmu2    add and remove users and groups
ii  debconf [debconf-2.0]    1.5.36.1      Debian configuration management sy
ii  libc6                    2.11.2-10     Embedded GNU C Library: Shared lib
ii  libgssapi-krb5-2         1.8.3+dfsg-4  MIT Kerberos runtime libraries - k
ii  libldap-2.4-2            2.4.23-7      OpenLDAP libraries

Versions of packages nslcd recommends:
ii  libnss-ldapd [libnss-ldap]  0.7.13     NSS module for using LDAP as a nam
ii  libpam-ldapd [libpam-ldap]  0.7.13     PAM module for using LDAP as an au
ii  nscd                        2.11.2-10  Embedded GNU C Library: Name Servi

Versions of packages nslcd suggests:
pn  kstart                   <none>        (no description available)

-- debconf-show failed
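
Added example, not part of the original report or of nslcd: a Python triage sketch that correlates the pam_ldap and nslcd syslog lines shown above, reporting which users had a password change rejected with a referral and which URI nslcd then failed to reach. The sample lines are copied from the report's excerpt; the function name `triage` and the reading of the bracketed tag (`[5558ec]`) as a per-request identifier are assumptions.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the syslog excerpt in the report above.
SAMPLE = """\
2011-03-07T16:28:17-08:00 host authpriv debug passwd passwd[23236]: pam_ldap(passwd:chauthtok): nslcd password modify; user=username
2011-03-07T16:28:17-08:00 host authpriv notice passwd passwd[23236]: pam_ldap(passwd:chauthtok): password change failed: Referral; user=username
2011-03-07T16:28:17-08:00 host daemon warning nslcd nslcd[22889]: [5558ec] ldap_start_tls_s() failed: Local error (uri="ldaps://ldapmaster.my.tld:636")
2011-03-07T16:28:17-08:00 host daemon err nslcd nslcd[22889]: [5558ec] ldap_passwd_s() without old password failed: Referral
2011-03-07T16:28:17-08:00 host daemon warning nslcd nslcd[22889]: [5558ec] ldap_start_tls_s() failed: Local error (uri="ldaps://ldapmaster.my.tld:636")
2011-03-07T16:28:17-08:00 host daemon err nslcd nslcd[22889]: [5558ec] ldap_passwd_s() with old password failed: Referral
"""

# nslcd lines carry a bracketed tag; assumed here to group one request's messages.
NSLCD = re.compile(r'nslcd\[\d+\]: \[(?P<tag>[0-9a-f]+)\] (?P<msg>.*)$')
TLS_FAIL = re.compile(r'ldap_start_tls_s\(\) failed: .+? \(uri="(?P<uri>[^"]+)"\)')
PASSWD_REFERRAL = re.compile(r'ldap_passwd_s\(\) .*failed: Referral')
PAM_FAIL = re.compile(
    r'pam_ldap\(passwd:chauthtok\): password change failed: Referral; user=(?P<user>\S+)')

def triage(lines):
    """Return (users whose change failed with Referral, findings per nslcd tag)."""
    users = []
    tags = defaultdict(lambda: {"referral_failures": 0, "tls_failed_uris": set()})
    for line in lines:
        pam = PAM_FAIL.search(line)
        if pam:
            users.append(pam.group("user"))
            continue
        nslcd = NSLCD.search(line)
        if not nslcd:
            continue  # unrelated line (pam_unix, other daemons, ...)
        entry = tags[nslcd.group("tag")]
        tls = TLS_FAIL.search(nslcd.group("msg"))
        if tls:
            entry["tls_failed_uris"].add(tls.group("uri"))
        elif PASSWD_REFERRAL.search(nslcd.group("msg")):
            entry["referral_failures"] += 1
    # Report only tags where a password modify was answered with a referral.
    hits = {tag: e for tag, e in tags.items() if e["referral_failures"]}
    return users, hits

if __name__ == "__main__":
    failed_users, findings = triage(SAMPLE.splitlines())
    print("users with failed change:", failed_users)
    for tag, e in findings.items():
        print(tag, e["referral_failures"], sorted(e["tls_failed_uris"]))
```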