Linux Archive - OpenLDAP authentication, account expired when it's not.

On Mon, Jul 26, 2010 at 03:44:48PM -0700, Bill Campbell wrote:
> I am trying to set up LDAP authentication for CentOS workstations, but
> can't get it to authenticate properly. Authentication fails saying the
> account has expired when I know for certain that it has not (e.g.
> ldapsearch authenticated with the appropriate uid and password returns
> shadowLastChange 14816 and shadowMax 99999).

Well, I'm just going to spam my own page. Give it a gander, and see if
following it from the get go works.

Note the link to the forum thread in it--it's possible, though not
proven, that CentOS (probably RH) *might* have broken ldap.

http://home.roadrunner.com/~computertaijutsu/ldap.html

All I can say is that it works for me, but--and it's probably an
important but--I haven't set it up from scratch on CentOS 5.5 yet.

--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Anya: For a thousand years I wielded the powers of the
Wish. I brought ruin to the heads of unfaithful men. I brought forth
destruction and chaos for the pleasure of the lower beings. I was
feared and worshipped across the mortal globe. And now I'm stuck at
Sunnydale High. Mortal. Child. And I'm flunking Math.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Tue Jul 27 03:30:01 2010
Return-path: <arch-general-bounces@archlinux.org>
Envelope-to: tom@linux-archive.org
Delivery-date: Tue, 27 Jul 2010 03:18:01 +0300
Received: from gerolde.archlinux.org ([66.211.214.132]:58864 helo=archlinux.org)
by s2.java-tips.org with esmtp (Exim 4.69)
(envelope-from <arch-general-bounces@archlinux.org>)
id 1OdXrs-00077T-NU
for tom@linux-archive.org; Tue, 27 Jul 2010 03:18:01 +0300
Received: from gudrun.archlinux.org (gudrun.archlinux.org [66.211.214.131])
by archlinux.org (Postfix) with ESMTP id D2368900E0;
Mon, 26 Jul 2010 21:02:11 -0400 (EDT)
Received: from archlinux.org (gerolde.archlinux.org [66.211.214.132])
by gudrun.archlinux.org (Postfix) with ESMTP id B765D78028
for <arch-general@archlinux.org>; Mon, 26 Jul 2010 21:02:11 -0400 (EDT)
Received-SPF: pass (gmail.com ... _spf.google.com: 209.85.216.179 is
authorized to use 'adriandelatabla@gmail.com' in 'mfrom'
identity (mechanism 'ip4:209.85.128.0/17' matched))
receiver=gerolde.archlinux.org; identity=mailfrom;
envelope-from="adriandelatabla@gmail.com";
helo=mail-qy0-f179.google.com; client-ip=209.85.216.179
Received: from mail-qy0-f179.google.com (mail-qy0-f179.google.com
[209.85.216.179]) by archlinux.org (Postfix) with ESMTP id 4D467900DD
for <arch-general@archlinux.org>; Mon, 26 Jul 2010 21:02:08 -0400 (EDT)
Received: by qyk8 with SMTP id 8so2464531qyk.3
for <arch-general@archlinux.org>; Mon, 26 Jul 2010 18:02:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:received:in-reply-to
:references:date:message-id:subject:from:to:content-type
:content-transfer-encoding;
bh=o7LSj7FVyh99xQf4Rw4VRvlxliZmxFXvkOZh86Q7qrI=;
b=Ws0tFmivQYHzbbs8i21+Kr6C591B+pum2umgJBBNufViq9RZ C4Lsei3Rxb54vML9Zg
8XwrK41nQFsppkBCvqrRSX7GbmXBwBhIc6LHm3Bn1dqqH6V3Pa IqbbcOp//P8l20StvS
aeR2nt77FpE02Xci14PzqkLbO2VXlkKXdEexw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type:content-transfer-encoding;
b=shdeH01q5reCDyO3JVNRElUsLAP2UjgIwwqRewu1WAbVdkPh z+/Wfil6c4TzzTVwLw
s5uaLBtJ3VwCw3SK/9wX9m9NZ0RXXwdIgyx5DxcTL9mNaJ1O6GX0KmAFVbvTzKG+QKv 0
iBPlA2+82L061f73xvKP2umGrvfiiYD0VcCf4=
MIME-Version: 1.0
Received: by 10.224.19.17 with SMTP id y17mr1062511qaa.374.1280192531936; Mon,
26 Jul 2010 18:02:11 -0700 (PDT)
Received: by 10.229.101.104 with HTTP; Mon, 26 Jul 2010 18:02:11 -0700 (PDT)
In-Reply-To: <4C4E0533.1000907@suddenlinkmail.com>
References: <4C496CC6.9020402@suddenlinkmail.com>
<4C496F16.1070809@archlinux.org>
<AANLkTim21S2iWxUAfERvfWGA0VRUwVo7PwG=haO3aULe@mai l.gmail.com>
<1279923714.602.0.camel@localhost.localdomain>
<4C4E0533.1000907@suddenlinkmail.com>
Date: Mon, 26 Jul 2010 22:02:11 -0300
Message-ID: <AANLkTim0eE8MazKYBQqr8hnvVZp3njnaizD2e2FuK4_R@mai l.gmail.com>
From: =?UTF-8?Q?Javier_Adri=C3=A1n_Ortiz_de_la_Tabla?=
<adriandelatabla@gmail.com>
To: General Discussion about Arch Linux <arch-general@archlinux.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [arch-general] How to change gdm greeter theme?
X-BeenThere: arch-general@archlinux.org
X-Mailman-Version: 2.1.11
Precedence: list
Reply-To: General Discussion about Arch Linux <arch-general@archlinux.org>
List-Id: General Discussion about Arch Linux <arch-general.archlinux.org>
List-Unsubscribe: <http://mailman.archlinux.org/mailman/options/arch-general>,
<mailto:arch-general-request@archlinux.org?subject=unsubscribe>
List-Archive: <http://mailman.archlinux.org/pipermail/arch-general>
List-Post: <mailto:arch-general@archlinux.org>
List-Help: <mailto:arch-general-request@archlinux.org?subject=help>
List-Subscribe: <http://mailman.archlinux.org/mailman/listinfo/arch-general>,
<mailto:arch-general-request@archlinux.org?subject=subscribe>
Sender: arch-general-bounces@archlinux.org
Errors-To: arch-general-bounces@archlinux.org

> How do you get around this:
>
> gdm:x:120:120:Gnome Display Manager:/var/lib/gdm:/sbin/nologin
>
> su, gksu say account is not available. Do you just change the :sbin/nolog=
in
> part? How -- safely? I've never messed with something like that before.
>

This is what I use to do, if something is wrong somebody please correct me.

Change :/sbin/nologin to :/bin/bash, then, as root
# su gdm
$ dbus-launch gnome-appearance-properties

Configure according to your needs, then edit /etc/passwd again and
change :/bin/bash to :/sbin/nologin.

--=20
Javier Adri=C3=A1n Ortiz de la Tabla