I'm a "backup" sysadmin for a small team, and the primary sysadmin is unavailable. The lab setup is a little bit new to me, and I'm not familiar with everything about how it's set up yet (and my Linux sysadmin skills are probably a little out of date). I was asked to reset a password for a user, and I thought "great, that's just passwd -e username". Unfortunately, this gives me:
# /usr/bin/passwd jdoe
Changing password for user jdoe.
Password reset by root is not supported.
passwd: Authentication token manipulation error
At first I thought I just need to use ldappasswd instead, but apparently it's not using LDAP (/usr/bin/ldappasswd does not exist and the command is not found on the system). Finally, I checked /etc/nsswitch.conf, and saw this:
passwd: files sss
shadow: files sss
group: files sss
Additional info: This system (and most of my lab network) is running on CentOS release 6.6.
Ok, I guess my Linux skills are a little bit inadequate or rusty. What is "sss"? And how do I accomplish a simple password reset on this system?
Updated Information:
I am attempting to reset the password as the root user (yeah, not the best security setup that we have root login enabled and not sudo for the lab admins, but I'm just the backup guy...I can only try to influence). What appear to be the relevant lines from /etc/sssd/sssd.conf are (best guess, as I said, I'm rusty on some things, like IPA):
ipa_domain = sub.domain.mycompany.com
id_provider = ipa
auth_provider = ipa
ldap_autofs_entry_object_class = automount
access_provider = ipa
ipa_hostname = node6.sub.domain.mycompany.com
chpass_provider = ipa
ldap_autofs_entry_key = automountKey
ipa_server = ipa1.sub.domain.mycompany.com, ipa2.sub.domain.mycompany.com
Was your username granted sudo rights? – Ramhound – 2017-05-15T23:48:21.283
Provide us the contents of nslcd.conf – Ramhound – 2017-05-15T23:56:01.053
Did you try man sssd? Do you have an sssd.conf file somewhere in /etc? – David Schwartz – 2017-05-16T00:24:54.567
I can't find an nslcd.conf file, but I did post what appeared to be the relevant contents of the /etc/sssd/sssd.conf file. The server ipa1 has all the expected LDAP commands installed, and I might be able to figure it out from here. But I'll let one of you fine folks post an answer to claim credit if you wish. – Ogre Psalm33 – 2017-05-16T12:28:09.723
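Added example, not part of the original post or its comments: a small Python check that reads the two files discussed above and reports which backend owns password changes. An `sss` source in nsswitch.conf means lookups go through SSSD, and `chpass_provider` in sssd.conf names the provider that handles password changes. The sample input is constructed from the excerpts in the question; the `[domain/...]` section name and the function names are assumptions.

```python
import configparser

# Constructed sample input, modelled on the excerpts quoted in the question.
NSSWITCH = """\
passwd: files sss
shadow: files sss
group: files sss
"""
# The [domain/...] section name is an assumption; the post shows only the keys.
SSSD_CONF = """\
[domain/sub.domain.mycompany.com]
id_provider = ipa
auth_provider = ipa
chpass_provider = ipa
ipa_server = ipa1.sub.domain.mycompany.com, ipa2.sub.domain.mycompany.com
"""

def nss_sources(nsswitch_text, database="passwd"):
    """Return the ordered lookup sources for one nsswitch.conf database."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if line.startswith(database + ":"):
            # Skip action items such as [NOTFOUND=return]
            return [t for t in line.split(":", 1)[1].split() if not t.startswith("[")]
    return []

def chpass_backends(sssd_text):
    """Map each SSSD domain to (password-change provider, server list)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(sssd_text)
    result = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        # Unset chpass_provider defaults to auth_provider, then id_provider
        # (when those providers can handle the request), per sssd.conf(5).
        provider = dom.get("chpass_provider") or dom.get("auth_provider") or dom.get("id_provider")
        servers = [s.strip() for s in dom.get("ipa_server", "").split(",") if s.strip()]
        result[section[len("domain/"):]] = (provider, servers)
    return result

def report(nsswitch_text, sssd_text):
    """Say where a password change for a non-local account has to be made."""
    if "sss" not in nss_sources(nsswitch_text):
        return ["passwd database does not use SSSD"]
    return [f"{name}: password changes handled by '{prov}' provider, servers {srv}"
            for name, (prov, srv) in chpass_backends(sssd_text).items()]

if __name__ == "__main__": print("\n".join(report(NSSWITCH, SSSD_CONF)))
```

On a real host, pass the contents of /etc/nsswitch.conf and /etc/sssd/sssd.conf to `report()`; sssd.conf is normally readable only by root.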