Search found 13 matches

by azzid
2017/04/13 07:40:30
Forum: CentOS 7 - Software Support
Topic: Ldap password change broke when going from centos6 to centos7
Replies: 0
Views: 675

Ldap password change broke when going from centos6 to centos7

I recently realized I am unable to change passwords on a server. To troubleshoot I re-setup the ldap connection on a VM. That VM happened to be centos6, and when I tried the passwd change there it worked fine. I paid better attention to detail and realized that the troublesome machine was centos7. I...
by azzid
2017/03/20 16:53:21
Forum: CentOS 7 - Security Support
Topic: Pam checking UID => 1000, How to disable
Replies: 30
Views: 62204

Re: Pam checking UID => 1000, How to disable

Look at the files in /etc/pam.d and do a search for 1000 in all of those files. /etc/pam.d/ # grep 1000 *ac fingerprint-auth-ac:account sufficient pam_succeed_if.so uid < 1000 quiet password-auth-ac:auth requisite pam_succeed_if.so uid >= 1000 quiet_success password-auth-ac:account sufficient pam_s...
by azzid
2017/03/11 10:28:14
Forum: CentOS 7 - Security Support
Topic: Pam checking UID => 1000, How to disable
Replies: 30
Views: 62204

Re: Pam checking UID => 1000, How to disable

it isn't as hard as it sounds. It involved (one at a time) changing the user and group IDs in /etc/group and /etc/passwd , then running a FIND command for each user, then group to change file ownership/group IDs Thanks for the kind offer to help with the find. Unfortunately that won't help me. The ...
by azzid
2017/03/10 20:16:43
Forum: CentOS 7 - Security Support
Topic: Pam checking UID => 1000, How to disable
Replies: 30
Views: 62204

Re: Pam checking UID => 1000, How to disable

if you find the reason without our suggestions- post it here for future reference. Who is "you"? me or OP? My problem was solved with tweaking the limit in /etc/login.defs and running authconfig --update. In my case, verified and done, the problem really was the user uid. The proper solution for me...
by azzid
2017/03/10 18:03:02
Forum: CentOS 7 - Security Support
Topic: Pam checking UID => 1000, How to disable
Replies: 30
Views: 62204

Re: Pam checking UID => 1000, How to disable

I can probably finish off my ramblings with the following. Getting back to the malfunctioning system I found the password-auth file to look like this: # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so...
by azzid
2017/03/09 21:22:05
Forum: CentOS 7 - Security Support
Topic: Pam checking UID => 1000, How to disable
Replies: 30
Views: 62204

Re: Pam checking UID => 1000, How to disable

What is the uid check for? [root@yolow pam.d]# grep ^auth login system-auth postlogin login:auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so login:auth substack system-auth login:auth include postlogin system-auth:auth required pam_env.so system-auth:auth sufficient p...
by azzid
2017/03/09 20:34:00
Forum: CentOS 7 - Security Support
Topic: Pam checking UID => 1000, How to disable
Replies: 30
Views: 62204

Re: Pam checking UID => 1000, How to disable

It should be noted however, that as OP suspected, authconfig does read login.defs: [root@yolow ~]# grep UID_MIN /etc/login.defs UID_MIN 1000 SYS_UID_MIN 201 [root@yolow ~]# authconfig --updateall [root@yolow ~]# grep uid /etc/pam.d/password-auth auth requisite pam_succeed_if.so uid >= 1000 quiet_suc...
by azzid
2017/03/09 20:13:06
Forum: CentOS 7 - Security Support
Topic: Pam checking UID => 1000, How to disable
Replies: 30
Views: 62204

Re: Pam checking UID => 1000, How to disable

Painted myself into a corner here, but I can recognise when I'm in the wrong. I spun up a vm to replicate the issue from my other now unavailable system. On a fresh install with local accounts I'm unable to reproduce. Pam still seems to be configured to require uid>=1000: [root@yolow ~]# grep -sIRw u...
by azzid
2017/03/09 19:22:00
Forum: CentOS 7 - Security Support
Topic: Pam checking UID => 1000, How to disable
Replies: 30
Views: 62204

Re: Pam checking UID => 1000, How to disable

I can still ssh as root which you have stated in this thread, is not the same as I have normal users with uids < 1000. Also, since login works when I remove the pam check for the uid, but my users get upset (with me) when the system regenerates the line I'm fairly confident that I have pinpointed ...
by azzid
2017/03/09 18:50:04
Forum: CentOS 7 - Security Support
Topic: Pam checking UID => 1000, How to disable
Replies: 30
Views: 62204

Re: Pam checking UID => 1000, How to disable

There are two things happening in this thread. 1. OP is unable to login as root. 2. OP is specifically asking how to disable the pam UID-checking. It irks me that everyone jumps on the bandwagon of refusing to address 2. I understand that in OP's case the UID-checking is not the real problem. But it...
