
List:       sssd-users
Subject:    [SSSD-users] Re: Passwd fails in SSSD 2.4.2 [SOLVED]
From:       Paweł_Szafer <pszafer () gmail ! com>
Date:       2021-05-11 20:22:27
Message-ID: CAJrMv73qSLZDaihGn6zeUVyx4Q=UyaJC9LdTLUo5b0Cw-CVNXw () mail ! gmail ! com

On Tue, 11 May 2021 at 18:09, Sumit Bose <sbose@redhat.com> wrote:

> On Tue, May 11, 2021 at 03:31:22PM +0200, Paweł Szafer wrote:
> > Hi, sure.
> > My auth files are based on this:
> > - https://wiki.archlinux.org/title/LDAP_authentication#PAM_Configuration_2
> > - and this: https://sssd.io/docs/ad/ad-provider-manual.html#id6
> >
> > but sssd.io docs are based on Debian/Ubuntu common-auth so I had to
> > improvise...
> >
> > passwd file:
> >
> > password        include         system-auth
> >
> > system-auth file:
> >
> > auth      sufficient  pam_unix.so     try_first_pass nullok
> > auth      sufficient pam_sss.so forward_pass
> > auth      optional    pam_permit.so
> > auth      required    pam_env.so
> > auth      requisite    pam_deny.so
> >
> > account   required    pam_unix.so
> > account   [default=bad success=ok user_unknown=ignore]  pam_sss.so
> > account   optional    pam_permit.so
> > account   required    pam_time.so
> >
> > password  sufficient  pam_unix.so     try_first_pass nullok sha512 shadow use_authtok
> > password  sufficient  pam_sss.so use_authtok
>
> Hi,
>
> with use_authtok both pam_unix.so and pam_sss.so expect that another
> module is prompting for the new password, e.g.
>
> password    requisite  pam_pwquality.so try_first_pass local_users_only
> password    sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
> password    sufficient pam_sss.so use_authtok
> password    required   pam_deny.so
>
> HTH
>
> bye,
> Sumit
>

Hi, it's working now!
Thank you for your help!

bye,
Pawel
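
Added example (not part of the original thread and not SSSD project code): a small Python check for the condition described above, a password-stack module carrying use_authtok with no earlier module that prompts for the new password. The function names and the list of prompting modules are assumptions made for this sketch, and the two sample stacks are constructed from the lines quoted in the thread.

```python
import re

# Assumption for this sketch: these modules ask for the new password when they
# run in the password stack WITHOUT use_authtok.
PROMPTING_MODULES = {"pam_pwquality.so", "pam_cracklib.so", "pam_passwdqc.so",
                     "pam_unix.so", "pam_sss.so"}

# /etc/pam.d/<service> syntax: type  control  module  [arguments]
# The control field is either a keyword or a bracketed [value=action ...] list.
LINE_RE = re.compile(
    r"^(?P<type>-?\w+)\s+(?P<control>\[[^\]]*\]|\S+)\s+(?P<module>\S+)\s*(?P<args>.*)$")


def parse_stack(text, mgmt_type="password"):
    """Return (line number, module name, args) for each entry of one type."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        match = LINE_RE.match(line) if line else None
        if not match or match["type"].lstrip("-") != mgmt_type:
            continue
        if match["control"] in ("include", "substack"):
            continue                             # included files are not resolved here
        module = match["module"].rsplit("/", 1)[-1]
        entries.append((lineno, module, match["args"].split()))
    return entries


def find_orphaned_use_authtok(text):
    """Flag use_authtok entries that no earlier module has prompted for."""
    findings, prompted = [], False
    for lineno, module, args in parse_stack(text):
        if "use_authtok" in args:
            if not prompted:
                findings.append((lineno, module))
        elif module in PROMPTING_MODULES:
            prompted = True
    return findings


# Constructed sample: the password stack from the original question.
BROKEN = """\
password  sufficient  pam_unix.so     try_first_pass nullok sha512 shadow use_authtok
password  sufficient  pam_sss.so use_authtok
"""

# Constructed sample: the stack suggested in the reply.
FIXED = """\
password    requisite  pam_pwquality.so try_first_pass local_users_only
password    sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient pam_sss.so use_authtok
password    required   pam_deny.so
"""
```

Because include and substack lines are skipped, run the check on the file that actually holds the module lines (system-auth in this thread), not on the passwd file that only includes it.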
