Hi George, can we see the configuration files? For example, the /etc/pam.d/ and 
/etc/ldap files.
- Carlos

Date: Thu, 20 Dec 2012 17:14:44 -0500
From: [email protected]
To: [email protected]
Subject: [MLUG] Linux LDAP Client for 389-ds - password policy

Hi all,

I have been reading the list for a few years already but have never been brave 
enough to post anything. Well, it seems that the time has come :)

I am playing with 389-ds (RHEL/CentOS/Fedora LDAP server implementation). I 
like it a lot and plan to stick with it. However, I have one big problem with 
it, which has been beating me for quite some time already (a few weeks, to be 
precise). I have read tons of stuff and still can't make it do what I want. 


Here it is:
The 389-ds server is up and running. Created a test user to play with the 
"Fine-grained password policies". This feature looks very attractive to me. I 
installed the same server version on both CentOS 6 and Ubuntu 12.04. I count 
the Ubuntu clone should be the same as the CentOS one. 


The problem is that the same server config (plain install, and fine-grain 
policies enabled for the whole tree) yields different results for Ubuntu and 
CentOS clients. The CentOS client does what it is supposed to do - namely obeys 
the policy, prompts the user to change the password, issues warnings, etc. Did I 
mention that I strictly followed the manual? But... the Ubuntu client does not 
get the Password Policy. Both clients authenticate successfully, both can 
change user passwords. The only way to make the Ubuntu client honor any 
password policy is to allow the user to change passwords and then set up 
shadowAccount objectclass attributes accordingly. This way PAM just gets their 
values and acts normally. 


Does anyone know of a difference between both client implementations? 
Does anyone have any advice? 

I read that Active Directory has a similar Fine-Grained Password policy 
implementation. Does anyone have an Ubuntu client that honors it?


Thank you all!

Happy holidays!

George S.
 


_______________________________________________
mlug mailing list
[email protected]
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca       
                                  