I hit this same bug /etc/auth-client-config/profile.d/ldap-auth-config only defines : [lac_ldap] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis
Which is parsed like: +++++++++++++++++++++++++++++++++++++++++ acc_TYPE.setProfile profile lac_ldap: ldap_example=>nss_passwd=>passwd: files ldap ldap_example=>nss_shadow=>shadow: files ldap ldap_example=>nss_netgroup=>netgroup: nis ldap_example=>pam_session=>session required pam_limits.so session required pam_unix.so session optional pam_ldap.so ldap_example=>pam_auth=>auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so ldap_example=>nss_group=>group: files ldap ldap_example=>pam_password=>password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so ldap_example=>pam_account=>account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so lac_ldap=>nss_passwd=>passwd: files ldap lac_ldap=>nss_shadow=>shadow: files ldap lac_ldap=>nss_group=>group: files ldap lac_ldap=>nss_netgroup=>netgroup: nis kerberos_example=>nss_passwd=>passwd: files db kerberos_example=>nss_shadow=>shadow: files kerberos_example=>nss_netgroup=>netgroup: nis kerberos_example=>pam_session=>session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug kerberos_example=>pam_auth=>auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass ignore_root debug auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update kerberos_example=>nss_group=>group: files db kerberos_example=>pam_password=>password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so kerberos_example=>pam_account=>account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so cracklib=>pam_password=>password required pam_cracklib.so retry=3 minlen=8 difok=3 password requisite pam_unix.so use_authtok nullok md5 password optional pam_smbpass.so nullok use_authtok use_first_pass missingok +++++++++++++++++++++++++++++++++++++++++ iacc-default's profile defines ldap_example with all services: [ldap_example] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session optional pam_ldap.so /etc/auth-client-config/profile.d/ldap-auth-config should be changed to has similar values, or the /usr/sbin/auth-client-config should be updated so it ignores looking for pam_* services in Ubuntu and do only the nss_* ones, after calling pam-auth-update --package --force # or something like that -- OpenLDAP Server "sudo auth-client-config -a -p lac_ldap" https://bugs.launchpad.net/bugs/365153 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs