Otdfbt

Multi tool use

In Avengers 1, why does Thanos need Loki?

I have a unique character that I'm having a problem writing. He's a virus!

What does a spell range of "25 ft. + 5 ft./2 levels" mean?

Position of past participle and extent of the Verbklammer

What are the differences between credential stuffing and password spraying?

Why is the relative clause in the following sentence not directly after the noun and why is the verb not in the end of the sentence?

How can I get a job without pushing my family's income into a higher tax bracket?

Using column size much larger than necessary

Missing Piece of Pie - Can you find it?

Make some Prime Squares!

Why doesn't WotC use established keywords on all new cards?

How do I tell my manager that his code review comment is wrong?

Is there an idiom that support the idea that "inflation is bad"?

Why Isn’t SQL More Refactorable?

I'm in your subnets, golfing your code

How does this change to the opportunity attack rule impact combat?

Understanding trademark infringements in a world where many dictionary words are trademarks?

On which topic did Indiana Jones write his doctoral thesis?

Would the Disguise Self spell be able to reveal hidden birthmarks/tattoos (of the person they're disguised as) to a character?

What is the most remote airport from the center of the city it supposedly serves?

How to model the curly cable part of the phone

Can Infinity Stones be retrieved more than once?

Verb "geeitet" in an old scientific text

I drew a randomly colored grid of points with tikz, how do I force it to remember the first grid from then on?

PAM: auth: pam_unix(dovecot:auth): authentication failure;

How can I determine who (or what) has blocked access to a centos user account?Securing userPassword access with OpenLDAP in RHELLDAP (slapd) authenticated user cannot modify selfHow to add ACIs to OpenLDAP properlyOpenLDAP ACLs are not workingopenvpn pam authentication failurepam_unix(sshd:auth): authentication failurehow to self change attrs in openldaphow to set permission the manager in openldap?OpenLDAP: Index to olcDatabase not respectedslapd with mozillaAbPersonAlpha schema

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

0

We have opnldap setup on our ubuntu server, and were getting this message for a user:

 auth: pam_unix(dovecot:account): account has expired (account expired)
Sep 3 19:05:03 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=XXXX rhost=::1 user=XXXX

I changed the password with ldappasswd successfully, but still the error persists. Doing some research it seems that shadowLastChange is not getting updated.

How can we resolve this?

/usr/share/slapd/slapd.conf

access to attrs=userPassword,shadowLastChange
 by dn="@ADMIN@" write
 by anonymous auth
 by self write
 by * none
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
 by dn="@ADMIN@" write
 by * read

OK - this seems to be a PAM issue.

If I edit /etc/nsswitch.conf to :

shadow: compat

I don't get the message that the account is expired.

If I change it to:

shadow: files ldap

I do. But in either case, I still get the dovecot error.

ldap openldap pam

share|improve this question

edited Sep 4 '13 at 7:05

NinjaCat

asked Sep 3 '13 at 22:44

NinjaCatNinjaCat

4261719

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Does this help? serverfault.com/questions/416338/…
  
  – iii
  Sep 4 '13 at 3:22
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  no, because these are ldap users that are not in shadow...
  
  – NinjaCat
  Sep 4 '13 at 5:22
  

  
  
  
  

add a comment | 

0

We have opnldap setup on our ubuntu server, and were getting this message for a user:

 auth: pam_unix(dovecot:account): account has expired (account expired)
Sep 3 19:05:03 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=XXXX rhost=::1 user=XXXX

I changed the password with ldappasswd successfully, but still the error persists. Doing some research it seems that shadowLastChange is not getting updated.

How can we resolve this?

/usr/share/slapd/slapd.conf

access to attrs=userPassword,shadowLastChange
 by dn="@ADMIN@" write
 by anonymous auth
 by self write
 by * none
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
 by dn="@ADMIN@" write
 by * read

OK - this seems to be a PAM issue.

If I edit /etc/nsswitch.conf to :

shadow: compat

I don't get the message that the account is expired.

If I change it to:

shadow: files ldap

I do. But in either case, I still get the dovecot error.

ldap openldap pam

share|improve this question

edited Sep 4 '13 at 7:05

NinjaCat

asked Sep 3 '13 at 22:44

NinjaCatNinjaCat

4261719

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Does this help? serverfault.com/questions/416338/…
  
  – iii
  Sep 4 '13 at 3:22
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  no, because these are ldap users that are not in shadow...
  
  – NinjaCat
  Sep 4 '13 at 5:22
  

  
  
  
  

add a comment | 

We have opnldap setup on our ubuntu server, and were getting this message for a user:

 auth: pam_unix(dovecot:account): account has expired (account expired)
Sep 3 19:05:03 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=XXXX rhost=::1 user=XXXX

I changed the password with ldappasswd successfully, but still the error persists. Doing some research it seems that shadowLastChange is not getting updated.

How can we resolve this?

/usr/share/slapd/slapd.conf

access to attrs=userPassword,shadowLastChange
 by dn="@ADMIN@" write
 by anonymous auth
 by self write
 by * none
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
 by dn="@ADMIN@" write
 by * read

OK - this seems to be a PAM issue.

If I edit /etc/nsswitch.conf to :

shadow: compat

I don't get the message that the account is expired.

If I change it to:

shadow: files ldap

I do. But in either case, I still get the dovecot error.

ldap openldap pam

share|improve this question

edited Sep 4 '13 at 7:05

NinjaCat

asked Sep 3 '13 at 22:44

NinjaCatNinjaCat

4261719

 auth: pam_unix(dovecot:account): account has expired (account expired)
Sep 3 19:05:03 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=XXXX rhost=::1 user=XXXX

access to attrs=userPassword,shadowLastChange
 by dn="@ADMIN@" write
 by anonymous auth
 by self write
 by * none
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
 by dn="@ADMIN@" write
 by * read

shadow: compat

shadow: files ldap

share|improve this question

edited Sep 4 '13 at 7:05

NinjaCat

asked Sep 3 '13 at 22:44

NinjaCatNinjaCat

4261719

share|improve this question

edited Sep 4 '13 at 7:05

NinjaCat

asked Sep 3 '13 at 22:44

NinjaCatNinjaCat

4261719

asked Sep 3 '13 at 22:44

NinjaCatNinjaCat

4261719

asked Sep 3 '13 at 22:44

NinjaCatNinjaCat

4261719

1 Answer
1

active

oldest

votes

0

Never really answered my own question before, but I wanted to share in case anyone else ever comes across this. It had to do with saslauthd not installed, configured, and running. Once I did that, error went away.

share|improve this answer

answered Sep 6 '13 at 21:09

NinjaCatNinjaCat

4261719

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f536066%2fpam-auth-pam-unixdovecotauth-authentication-failure%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

Never really answered my own question before, but I wanted to share in case anyone else ever comes across this. It had to do with saslauthd not installed, configured, and running. Once I did that, error went away.

share|improve this answer

answered Sep 6 '13 at 21:09

NinjaCatNinjaCat

4261719

add a comment | 

0

Never really answered my own question before, but I wanted to share in case anyone else ever comes across this. It had to do with saslauthd not installed, configured, and running. Once I did that, error went away.

share|improve this answer

answered Sep 6 '13 at 21:09

NinjaCatNinjaCat

4261719

add a comment | 

Never really answered my own question before, but I wanted to share in case anyone else ever comes across this. It had to do with saslauthd not installed, configured, and running. Once I did that, error went away.

share|improve this answer

answered Sep 6 '13 at 21:09

NinjaCatNinjaCat

4261719

share|improve this answer

answered Sep 6 '13 at 21:09

NinjaCatNinjaCat

4261719

answered Sep 6 '13 at 21:09

NinjaCatNinjaCat

4261719

answered Sep 6 '13 at 21:09

NinjaCatNinjaCat

4261719