Operating System - HP-UX

Re: change passwd with ldapux vs AD W2003

 
D.Blond
Frequent Advisor

change passwd with ldapux vs AD W2003

I was able to change passwd for one user just one time after ldapux/setup.
After that, I obtain the message "Password change rejected".
In attachment:
pam.conf
ktutil
swlist
krbval


D.Blond
Rasheed Tamton
Honored Contributor

Re: change passwd with ldapux vs AD W2003

Did you enter the new password correctly both times? What are your password rules on the server? You might have something like password length must be at least 7 or 8 characters, or cannot repeat any of the two or three previous passwords.

Re: change passwd with ldapux vs AD W2003

Could you please provide the syslog output which you get while running the passwd command? Please also provide the passwd output. It could help in tracing the exact cause of the problem.
skt_skt
Honored Contributor

Re: change passwd with ldapux vs AD W2003

"/usr/lbin/getprpw uid" and look for passwd change limits there
D.Blond
Frequent Advisor

Re: change passwd with ldapux vs AD W2003

Hello,
that is the response after getprpw:
titan>/usr/lbin/getprpw Dblond
System is not trusted.
And in syslog.log :
login: Dblond
Password:
Please wait...checking for disk quotas
titan-Dblond# passwd
Old password:
New password:
New password (again):
Password change rejected
Invalid login name.
titan-Dblond#
Jun 4 08:45:35 titan syslog: Password change rejected
Thanks
D.Blond

Re: change passwd with ldapux vs AD W2003

After looking into the password error, I can make the following assumptions about the failure.
1. You need to check the ADS user account, to see whether you have been denied permission to change the password.

2. Since there are stacked PAM modules in the pam.conf file for the passwd service, when the pam_krb5 module fails, the pam_unix module then tries to change the password, but it seems it only checks the /etc/passwd file for the user account, and since your account exists on the LDAP server it gives the "Invalid login name" error. If your account existed in the /etc/passwd file you would not get this error, but in that case it would change the password in /etc/passwd, not on the LDAP server.

To be able to change the password you need to work with the ADS account administrator.
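
The stacking behaviour described in the reply above, as an added example that is not part of the original thread. The pam.conf attachment is not shown, so the two `passwd` lines, their control flags and module paths are constructed; the function names are hypothetical and the control-flag handling is a simplified model of classic PAM rules.

```python
# Constructed sample: flags and paths are assumptions matching the reply's
# description (pam_krb5 tried first, pam_unix tried after it fails).
SAMPLE_PAM_CONF = """\
# service  type      control     module
passwd     password  sufficient  /usr/lib/security/libpam_krb5.1
passwd     password  required    /usr/lib/security/libpam_unix.1
login      auth      required    /usr/lib/security/libpam_unix.1
"""

def password_stack(conf, service="passwd"):
    """Return [(control_flag, module_file)] for the service's password stack, in file order."""
    stack = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments and blank lines
        if len(fields) >= 4 and fields[0] == service and fields[1] == "password":
            stack.append((fields[2], fields[3].rsplit("/", 1)[-1]))
    return stack

def change_password(stack, user, local_users, krb5_accepts):
    """Walk the stack with simplified control-flag rules; return (outcome, trace)."""
    trace, required_failed, any_ok = [], False, False
    for flag, module in stack:
        if "krb5" in module:
            ok = krb5_accepts
            note = "changed in AD" if ok else "Password change rejected"
        else:  # pam_unix only knows accounts present in /etc/passwd
            ok = user in local_users
            note = "changed in /etc/passwd" if ok else "Invalid login name"
        trace.append((module, note))
        if ok and flag == "sufficient" and not required_failed:
            return "success", trace              # later modules never run
        if not ok and flag == "requisite":
            return "failure", trace              # stop at once
        if not ok and flag == "required":
            required_failed = True               # keep going, but the stack fails
        any_ok = any_ok or ok
    return ("success" if any_ok and not required_failed else "failure"), trace

if __name__ == "__main__":
    stack = password_stack(SAMPLE_PAM_CONF)
    for local in ({"root"}, {"root", "Dblond"}):
        print(sorted(local), change_password(stack, "Dblond", local, krb5_accepts=False))
```

The second run reports success even though the directory password is untouched: only the local /etc/passwd entry changed, which is the case the reply warns about.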