PAM: auth: pam_unix(dovecot:auth): authentication failure; Unicorn Meta Zoo #1: Why another...
Is there a verb for listening stealthily?
What is the numbering system used for the DSN dishes?
Why does Java have support for time zone offsets with seconds precision?
Processing ADC conversion result: DMA vs Processor Registers
Mechanism of the formation of peracetic acid
What is a 'Key' in computer science?
How would it unbalance gameplay to rule that Weapon Master allows for picking a fighting style?
When does Bran Stark remember Jamie pushing him?
Could a cockatrice have parasitic embryos?
What is the definining line between a helicopter and a drone a person can ride in?
Why I cannot instantiate a class whose constructor is private in a friend class?
TV series episode where humans nuke aliens before decrypting their message that states they come in peace
Coin Game with infinite paradox
Is there an efficient way for synchronising audio events real-time with LEDs using an MCU?
Protagonist's race is hidden - should I reveal it?
Does a Draconic Bloodline sorcerer's doubled proficiency bonus for Charisma checks against dragons apply to all dragon types or only the chosen one?
Are these square matrices always diagonalisable?
Will I be more secure with my own router behind my ISP's router?
When I export an AI 300x60 art board it saves with bigger dimensions
Why does the Cisco show run command not show the full version, while the show version command does?
What's called a person who works as someone who puts products on shelves in stores?
What helicopter has the most rotor blades?
Why did Europeans not widely domesticate foxes?
Is it OK if I do not take the receipt in Germany?
PAM: auth: pam_unix(dovecot:auth): authentication failure;
Unicorn Meta Zoo #1: Why another podcast?
Announcing the arrival of Valued Associate #679: Cesar Manara
Come Celebrate our 10 Year Anniversary!How can I determine who (or what) has blocked access to a centos user account?Securing userPassword access with OpenLDAP in RHELLDAP (slapd) authenticated user cannot modify selfHow to add ACIs to OpenLDAP properlyOpenLDAP ACLs are not workingopenvpn pam authentication failurepam_unix(sshd:auth): authentication failurehow to self change attrs in openldaphow to set permission the manager in openldap?OpenLDAP: Index to olcDatabase not respectedslapd with mozillaAbPersonAlpha schema
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
We have opnldap setup on our ubuntu server, and were getting this message for a user:
auth: pam_unix(dovecot:account): account has expired (account expired)
Sep 3 19:05:03 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=XXXX rhost=::1 user=XXXX
I changed the password with ldappasswd successfully, but still the error persists. Doing some research it seems that shadowLastChange is not getting updated.
How can we resolve this?
/usr/share/slapd/slapd.conf
access to attrs=userPassword,shadowLastChange
by dn="@ADMIN@" write
by anonymous auth
by self write
by * none
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="@ADMIN@" write
by * read
OK - this seems to be a PAM issue.
If I edit /etc/nsswitch.conf to :
shadow: compat
I don't get the message that the account is expired.
If I change it to:
shadow: files ldap
I do. But in either case, I still get the dovecot error.
ldap openldap pam
asked Sep 3 '13 at 22:44
NinjaCatNinjaCat
4261719
bumped to the homepage by Community♦ 10 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
We have opnldap setup on our ubuntu server, and were getting this message for a user:
auth: pam_unix(dovecot:account): account has expired (account expired)
Sep 3 19:05:03 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=XXXX rhost=::1 user=XXXX
I changed the password with ldappasswd successfully, but still the error persists. Doing some research it seems that shadowLastChange is not getting updated.
How can we resolve this?
/usr/share/slapd/slapd.conf
access to attrs=userPassword,shadowLastChange
by dn="@ADMIN@" write
by anonymous auth
by self write
by * none
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="@ADMIN@" write
by * read
OK - this seems to be a PAM issue.
If I edit /etc/nsswitch.conf to :
shadow: compat
I don't get the message that the account is expired.
If I change it to:
shadow: files ldap
I do. But in either case, I still get the dovecot error.
ldap openldap pam
asked Sep 3 '13 at 22:44
NinjaCatNinjaCat
4261719
bumped to the homepage by Community♦ 10 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Does this help? serverfault.com/questions/416338/…
– iii
Sep 4 '13 at 3:22
no, because these are ldap users that are not in shadow...
– NinjaCat
Sep 4 '13 at 5:22
add a comment |
We have opnldap setup on our ubuntu server, and were getting this message for a user:
auth: pam_unix(dovecot:account): account has expired (account expired)
Sep 3 19:05:03 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=XXXX rhost=::1 user=XXXX
I changed the password with ldappasswd successfully, but still the error persists. Doing some research it seems that shadowLastChange is not getting updated.
How can we resolve this?
/usr/share/slapd/slapd.conf
access to attrs=userPassword,shadowLastChange
by dn="@ADMIN@" write
by anonymous auth
by self write
by * none
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="@ADMIN@" write
by * read
OK - this seems to be a PAM issue.
If I edit /etc/nsswitch.conf to :
shadow: compat
I don't get the message that the account is expired.
If I change it to:
shadow: files ldap
I do. But in either case, I still get the dovecot error.
ldap openldap pam
asked Sep 3 '13 at 22:44
NinjaCatNinjaCat
4261719
We have opnldap setup on our ubuntu server, and were getting this message for a user:
auth: pam_unix(dovecot:account): account has expired (account expired)
Sep 3 19:05:03 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=XXXX rhost=::1 user=XXXX
I changed the password with ldappasswd successfully, but still the error persists. Doing some research it seems that shadowLastChange is not getting updated.
How can we resolve this?
/usr/share/slapd/slapd.conf
access to attrs=userPassword,shadowLastChange
by dn="@ADMIN@" write
by anonymous auth
by self write
by * none
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="@ADMIN@" write
by * read
OK - this seems to be a PAM issue.
If I edit /etc/nsswitch.conf to :
shadow: compat
I don't get the message that the account is expired.
If I change it to:
shadow: files ldap
I do. But in either case, I still get the dovecot error.
ldap openldap pam
ldap openldap pam
asked Sep 3 '13 at 22:44
NinjaCatNinjaCat
4261719
asked Sep 3 '13 at 22:44
NinjaCatNinjaCat
4261719
edited Sep 4 '13 at 7:05
NinjaCat
asked Sep 3 '13 at 22:44
NinjaCatNinjaCat
4261719
asked Sep 3 '13 at 22:44
NinjaCatNinjaCat
4261719
asked Sep 3 '13 at 22:44
NinjaCatNinjaCat
4261719
4261719
bumped to the homepage by Community♦ 10 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 10 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Does this help? serverfault.com/questions/416338/…
– iii
Sep 4 '13 at 3:22
no, because these are ldap users that are not in shadow...
– NinjaCat
Sep 4 '13 at 5:22
add a comment |
Does this help? serverfault.com/questions/416338/…
– iii
Sep 4 '13 at 3:22
no, because these are ldap users that are not in shadow...
– NinjaCat
Sep 4 '13 at 5:22
Does this help? serverfault.com/questions/416338/…
– iii
Sep 4 '13 at 3:22
Does this help? serverfault.com/questions/416338/…
– iii
Sep 4 '13 at 3:22
no, because these are ldap users that are not in shadow...
– NinjaCat
Sep 4 '13 at 5:22
no, because these are ldap users that are not in shadow...
– NinjaCat
Sep 4 '13 at 5:22
add a comment |
1 Answer
1
active
oldest
votes
Never really answered my own question before, but I wanted to share in case anyone else ever comes across this. It had to do with saslauthd not installed, configured, and running. Once I did that, error went away.
answered Sep 6 '13 at 21:09
NinjaCatNinjaCat
4261719
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f536066%2fpam-auth-pam-unixdovecotauth-authentication-failure%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Never really answered my own question before, but I wanted to share in case anyone else ever comes across this. It had to do with saslauthd not installed, configured, and running. Once I did that, error went away.
answered Sep 6 '13 at 21:09
NinjaCatNinjaCat
4261719
add a comment |
Never really answered my own question before, but I wanted to share in case anyone else ever comes across this. It had to do with saslauthd not installed, configured, and running. Once I did that, error went away.
answered Sep 6 '13 at 21:09
NinjaCatNinjaCat
4261719
add a comment |
Never really answered my own question before, but I wanted to share in case anyone else ever comes across this. It had to do with saslauthd not installed, configured, and running. Once I did that, error went away.
answered Sep 6 '13 at 21:09
NinjaCatNinjaCat
4261719
Never really answered my own question before, but I wanted to share in case anyone else ever comes across this. It had to do with saslauthd not installed, configured, and running. Once I did that, error went away.
answered Sep 6 '13 at 21:09
NinjaCatNinjaCat
4261719
answered Sep 6 '13 at 21:09
NinjaCatNinjaCat
4261719
answered Sep 6 '13 at 21:09
NinjaCatNinjaCat
4261719
answered Sep 6 '13 at 21:09
NinjaCatNinjaCat
4261719
4261719
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f536066%2fpam-auth-pam-unixdovecotauth-authentication-failure%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Does this help? serverfault.com/questions/416338/…
– iii
Sep 4 '13 at 3:22
no, because these are ldap users that are not in shadow...
– NinjaCat
Sep 4 '13 at 5:22