On (25/08/16 20:44), xcor...@gmail.com wrote:
>I have an environment set up with OpenLDAP, ppolicy and sssd on Ubuntu 12.04.
>I've got ppolicy working fine, for the most part, but I'm trying to set
>pwdReset: TRUE in LDAP to force users to change passwords and it's not having
>any effect. I hav
I got this working on Centos 6 using the following for password-auth-ac /
system-auth-ac.
#%PAM-1.0
# pam_succeed_if.so in auth MUST be sufficient
# pam_succeed_if.so in account does not currently work with uid under 500
and pwdReset:TRUE in OpenLDAP
authrequired pam_env.so
auth
Thanks Lukas. I just tried on a test machine with 16.04 and sssd
1.13.4-1ubuntu1 and it's having the same problem. It does have identical sssd
and pam configs as the 12.04 systems.
I'm not the first person to work on the pam files and I suspect between sssd,
cracklib and other things we've mana
On (25/08/16 21:29), xcor...@gmail.com wrote:
>Thanks Lukas. I just tried on a test machine with 16.04 and sssd
>1.13.4-1ubuntu1 and it's having the same problem. It does have identical sssd
>and pam configs as the 12.04 systems.
>
>I'm not the first person to work on the pam files and I suspect
Here's the config. I had to sanitize it.
[sssd]
config_file_version = 2
services = nss, pam
domains = domain1
[nss]
filter_groups = root
filter_users = root
[pam]
pam_verbosity = 3
[domain/domain1]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_schema = rfc2307
ldap_uri = l
Please ignore my previous email as this is insecure:
authrequired pam_env.so
authsufficientpam_unix.so nullok try_first_pass
authsufficientpam_succeed_if.so uid >= 500 quiet
authsufficientpam_sss.so use_first_pass
One does not simply have pam_unix
On (16/09/16 14:55), Douglas Duckworth wrote:
>Please ignore my previous email as this is insecure:
>
>authrequired pam_env.so
>authsufficientpam_unix.so nullok try_first_pass
>authsufficientpam_succeed_if.so uid >= 500 quiet
>authsufficientpam_sss.s
On (29/08/16 20:26), xcor...@gmail.com wrote:
>Here's the config. I had to sanitize it.
>
>[sssd]
>config_file_version = 2
>services = nss, pam
>domains = domain1
>
>[nss]
>filter_groups = root
>filter_users = root
>
>[pam]
>pam_verbosity = 3
>
>[domain/domain1]
>id_provider = ldap
>auth_provider =
