Post 302831119 by scabarrus on Wednesday 10th of July 2013 08:07:00 AM
PAM password change failed, pam error 20

Hi,

I use software which can create accounts on many systems or applications.

One of the resources managed by this software is a SUSE Linux Enterprise Server 10 (x86_64) server, patch level 3.

This application, which is an IBM application, uses ssh to launch commands to create accounts in the context defined in it.

I have some problems managing this server, and the application displays an error of the kind "Can not set the password useradd fail".

I have displayed the log /var/log/messages, which you will find below:
Quote:
Jul 10 13:49:26 infra-041 sshd[8694]: Accepted keyboard-interactive/pam for itim from 10.70.10.50 port 2651 ssh2
Jul 10 13:49:26 infra-041 sudo: itim : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/useradd -u 1192 FRY9AN94
Jul 10 13:49:26 infra-041 useradd[8715]: new account added - account=FRY9AN94, uid=1192, gid=100, home=/home/FRY9AN94, shell=/bin/bash, by=0
Jul 10 13:49:26 infra-041 useradd[8715]: account added to group - account=FRY9AN94, group=video, gid=33, by=0
Jul 10 13:49:26 infra-041 useradd[8715]: account added to group - account=FRY9AN94, group=dialout, gid=16, by=0
Jul 10 13:49:26 infra-041 useradd[8715]: running USERADD_CMD command - script=/usr/sbin/useradd.local, account=FRY9AN94, uid=1192, gid=100, home=/home/FRY9AN94, by=0
Jul 10 13:49:27 infra-041 sshd[8717]: Accepted keyboard-interactive/pam for itim from 10.70.10.50 port 2652 ssh2
Jul 10 13:49:27 infra-041 sudo: itim : TTY=pts/4 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/passwd FRY9AN94
Jul 10 13:49:27 infra-041 passwd[8722]: pam_unix2(passwd:chauthtok): conversation failed
Jul 10 13:49:27 infra-041 passwd[8722]: User root: Authentication token manipulation error
Jul 10 13:49:27 infra-041 passwd[8722]: password change failed, pam error 20 - account=FRY9AN94, uid=1192, by=0
Jul 10 13:49:27 infra-041 sshd[8720]: Received disconnect from 10.70.10.50: 10: General disconnection
Jul 10 13:49:27 infra-041 sudo: itim : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/userdel FRY9AN94
Jul 10 13:49:27 infra-041 shadow[8723]: running USERDEL_PRECMD command - script=/usr/sbin/userdel-pre.local, account=FRY9AN94, uid=1192, gid=100, home=/home/FRY9AN94, by=0
Jul 10 13:49:27 infra-041 crontab[8725]: (root) DELETE (FRY9AN94)
Jul 10 13:49:27 infra-041 shadow[8723]: account removed from group - account=FRY9AN94, group=video, gid=33, by=0
Jul 10 13:49:27 infra-041 shadow[8723]: account removed from group - account=FRY9AN94, group=dialout, gid=16, by=0
Jul 10 13:49:27 infra-041 shadow[8723]: account deleted - account=FRY9AN94, uid=1192, by=0
Jul 10 13:49:27 infra-041 shadow[8723]: running USERDEL_POSTCMD command - script=/usr/sbin/userdel-post.local, account=FRY9AN94, uid=1192, gid=100, home=/home/FRY9AN94, by=0
Jul 10 13:49:28 infra-041 sshd[8703]: Received disconnect from 10.70.10.50: 10: General disconnection
In this log, if I understood correctly, the application creates the account in three actions:
first, ssh to create the account, which succeeded;
second, ssh to set the password, but it seems there is a problem with the PAM module;
third, ssh to delete the account, because the application cannot change the password.

I have some difficulty knowing exactly where the problem occurs; perhaps you could help me.

I'm sorry for my English, but it's not my first language.

Best regards
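
The create / set-password / delete sequence read out of the log above can be reconstructed mechanically. This is an added example, not part of the original post: it parses an excerpt of the quoted log lines, groups them per account, and reports accounts that were created, failed the password change and were then deleted, with the PAM error number and the TTY that sudo recorded for each step. The function names `timeline` and `rolled_back` are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the /var/log/messages lines quoted in the post above.
SAMPLE_LOG = """\
Jul 10 13:49:26 infra-041 sudo: itim : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/useradd -u 1192 FRY9AN94
Jul 10 13:49:26 infra-041 useradd[8715]: new account added - account=FRY9AN94, uid=1192, gid=100, home=/home/FRY9AN94, shell=/bin/bash, by=0
Jul 10 13:49:27 infra-041 sudo: itim : TTY=pts/4 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/passwd FRY9AN94
Jul 10 13:49:27 infra-041 passwd[8722]: pam_unix2(passwd:chauthtok): conversation failed
Jul 10 13:49:27 infra-041 passwd[8722]: password change failed, pam error 20 - account=FRY9AN94, uid=1192, by=0
Jul 10 13:49:27 infra-041 sudo: itim : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/userdel FRY9AN94
Jul 10 13:49:27 infra-041 shadow[8723]: account deleted - account=FRY9AN94, uid=1192, by=0
"""

# sudo audit line: caller, TTY, tool run as root, last argument (the account).
SUDO = re.compile(r"sudo:\s+(\S+) : TTY=(\S+) ; .*COMMAND=\S*/(useradd|passwd|userdel)\b.*?(\S+)$")
# Result lines logged by the account tools themselves.
RESULTS = [
    ("useradd", "ok", re.compile(r"new account added - account=(?P<account>\w+)")),
    ("passwd", "failed", re.compile(r"password change failed, pam error (?P<pam>\d+) - account=(?P<account>\w+)")),
    ("userdel", "ok", re.compile(r"account deleted - account=(?P<account>\w+)")),
]

def timeline(log_text):
    """Group sudo invocations and tool results per account, in log order."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = SUDO.search(line)
        if m:
            caller, tty, tool, account = m.groups()
            events[account].append({"kind": "sudo", "step": tool, "caller": caller, "tty": tty})
            continue
        for tool, status, rx in RESULTS:
            m = rx.search(line)
            if m:
                events[m["account"]].append({"kind": "result", "step": tool, "status": status, **m.groupdict()})
                break
    return dict(events)

def rolled_back(log_text):
    """Accounts that were created, failed the password change, then were deleted."""
    findings = []
    for account, evs in timeline(log_text).items():
        outcome = ",".join(f"{e['step']}:{e['status']}" for e in evs if e["kind"] == "result")
        if "useradd:ok,passwd:failed,userdel:ok" in outcome:
            pam = next(int(e["pam"]) for e in evs if e.get("status") == "failed")
            ttys = {e["step"]: e["tty"] for e in evs if e["kind"] == "sudo"}
            findings.append({"account": account, "pam_error": pam, "sudo_tty": ttys})
    return findings

if __name__ == "__main__":
    for finding in rolled_back(SAMPLE_LOG):
        print(finding)
```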
 

useradd(8)                System Manager's Manual                useradd(8)

NAME
       useradd - create a new user account

SYNOPSIS
       useradd [-D binddn] [-P path] [-c comment] [-d homedir] [-e expire] [-f inactive] [-G group,...] [-g gid] [-m [-k skeldir]] [-o] [-p password] [-u uid] [-U umask] [-r] [-s shell] [--service service] [--help] [--usage] [-v] [--preferred-uid uid] account

       useradd --show-defaults

       useradd --save-defaults [-d homedir] [-e expire] [-f inactive] [-g gid] [-G group,...] [-k skeldir] [-U umask] [-s shell]

DESCRIPTION
       useradd creates a new user account using the default values from /etc/default/useradd and the values specified on the command line. Depending on the command line options the new account will be added to the system files or LDAP database, the home directory will be created and the initial default files and directories will be copied.

       The account name must begin with an alphabetic character and the rest of the string should be from the POSIX portable character class ([A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]).

OPTIONS
       -c, --comment comment
              This option specifies the user's finger information.

       -d, --home homedir
              This option specifies the user's home directory. If not specified, the default from /etc/default/useradd is used.

       -e, --expire expire
              With this option the date when the account will be expired can be changed. expiredate has to be specified as number of days since January 1st, 1970. The date may also be expressed in the format YYYY-MM-DD. If not specified, the default from /etc/default/useradd is used.

       -f, --inactive inactive
              This option is used to set the number of days of inactivity after a password has expired before the account is locked. A user whose account is locked must contact the system administrator before being able to use the account again. A value of -1 disables this feature. If not specified, the default from /etc/default/useradd is used.

       -G, --groups group,...
              With this option a list of supplementary groups can be specified, which the user should become a member of. Each group is separated from the next one only by a comma, without whitespace. If not specified, the default from /etc/default/useradd is used.

       -g, --gid gid
              The group name or number of the user's main group. The group name or number must refer to an already existing group. If not specified, the default from /etc/default/useradd is used.

       -k, --skel skeldir
              Specify an alternative skel directory. This option is only valid if the home directory for the new user should be created, too. If not specified, the default from /etc/default/useradd or /etc/skel is used.

       -m, --create-home
              Create home directory for new user account.

       -o, --non-unique
              Allow duplicate (non-unique) User IDs.

       -p, --password password
              Encrypted password as returned by crypt(3) for the new account. The default is to disable the account.

       -U, --umask umask
              The permission mask is initialized to this value. It is used by useradd for creating new home directories. The default is taken from /etc/default/useradd.

       -u, --uid uid
              Force the new userid to be the given number. This value must be positive and unique. The default is to use the first free ID after the greatest used one. The range from which the user ID is chosen can be specified in /etc/login.defs.

       --preferred-uid uid
              Set the new userid to the specified value if possible. If that value is already in use the first free ID will be chosen as described above.

       -r, --system
              Create a system account. A system account is a user with a UID between SYSTEM_UID_MIN and SYSTEM_UID_MAX as defined in /etc/login.defs, if no UID is specified. The GROUPS entry in /etc/default/useradd is ignored, too.

       -s, --shell shell
              Specify user's login shell. The default for normal user accounts is taken from /etc/default/useradd, the default for system accounts is /bin/false.

       --service service
              Add the account to a special directory. The default is files, but ldap is also valid.

       -D, --binddn binddn
              Use the Distinguished Name binddn to bind to the LDAP directory. The user will be prompted for a password for simple authentication.

       -P, --path path
              The passwd and shadow files are located below the specified directory path. useradd will use these files, not /etc/passwd and /etc/shadow.

       --help Print a list of valid options with a short description.

       --usage
              Print a short list of valid options.

       -v, --version
              Print the version number and exit.

FILES
       /etc/passwd - user account information
       /etc/shadow - shadow user account information
       /etc/group - group information
       /etc/default/useradd - default values for account creation
       /etc/skel - directory containing default files

SEE ALSO
       passwd(1), login.defs(5), passwd(5), shadow(5), userdel(8), usermod(8)

AUTHOR
       Thorsten Kukuk <kukuk@suse.de>

pwdutils                          May 2010                          useradd(8)