Local user account password management fails with winbind active in PAM and nsswitch.conf
(Doc ID 1393432.1)
Last updated on JANUARY 02, 2018
Applies to:
Solaris Operating System - Version 10 3/05 to 10 1/13 U11 [Release 10.0]Information in this document applies to any platform.
Symptoms
Solaris 10 systems with Samba's Winbind authentication method configured in the /etc/nsswitch.conf and /etc/pam.conf files local password management for users in the /etc/passwd file will fail.
To confirm if Winbind is configured the following files will have the entries shown:
passwd: files winbind
group: files winbind
The /etc/pam.conf file will have the pam_winbind.so module active in the following sections:
# Default definition for Account management
other account required pam_winbind.so
# Default definition for Password management
other password required pam_winbind.so
Users cannot modify their passwords under several conditions. Errors will be returned such as the following.
The non-root local password file user attempting to change their password:
passwd: Changing password for username
passwd: Unsupported nsswitch entry for "passwd:". Use "-r repository ".
Unexpected failure. Password file/table unchanged.
-bash-3.00$ passwd -r files
passwd: Changing password for username
Enter existing login password:
New Password:
Permission denied
Showing a example of a expired password or a change of password at the next log in by the local password file using being invoked:
passwd: password information changed for username
#
When the user attempts to connect or log in to the system they are prompted to change their password but cannot do so:
# ssh -l username host
Password:
Password:
Password:
Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).
As root changing the local user password fails:
# passwd -r files username
New Password:
Permission denied
#
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |