Prompt users with expired passwords to enter a new one LDAP + PAM

#1 Sun, 05/02/2010 - 09:56
steen


Hello Folks!

System: CentOS 5.4

I use OpenLDAP as backend and PAM for virtualmin+usermin+webmin. All works fine except when the password has aged and a new one is prompted for when logging in to usermin.

This is what is shown:

               Failed to change password : PAM error : LDAP Password incorrect: try again

It is possible to change the password as a logged-in user in usermin or webmin and from the unix command line; also, admin can change the password for other users.

When logging in using ssh, the user gets prompted and can successfully change the password and thereafter log in with the new password.

I have tried using the same pam-file settings for usermin as ssh, it did not help.

cat /etc/pam.d/usermin

    #%PAM-1.0
    auth include system-auth
    account include system-auth
    session include system-auth
    password include system-auth

cat /etc/pam.d/sshd

    #%PAM-1.0
    auth include system-auth
    account required pam_nologin.so
    account include system-auth
    password include system-auth
    session optional pam_keyinit.so force revoke
    session include system-auth
    session required pam_loginuid.so

cat /etc/pam.d/system-auth

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.

    auth required pam_env.so
    auth sufficient pam_ldap.so
    auth sufficient pam_unix.so nullok try_first_pass
    auth requisite pam_succeed_if.so uid >= 500 quiet

    account required pam_unix.so
    account sufficient pam_succeed_if.so uid < 500 quiet
    account required pam_permit.so

    password requisite pam_cracklib.so try_first_pass retry=3
    password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok

    # added use_authtok use_first_pass

    password sufficient pam_ldap.so use_first_pass
    password required pam_deny.so

    session required pam_limits.so
    session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session required pam_unix.so
    auth required pam_deny.so
    account sufficient pam_ldap.so
    session sufficient pam_ldap.so

Anyone who knows?

Regards // // Peter Steen

Tue, 05/04/2010 - 13:13
steen

Hello Folks!

I also noted shadowLastChange is not updated when using the command line API variants for changing passwords.

It works from the GUI in all aspects and from the command line using the passwd command.

It looks more and more like a bug in virtualmin commands.

Please advise.
