I'm not sure if this is configuration problem or general tool deficiency. When I have users in LDAP with shadowAccount class, "passwd -S" will always show password status as LK (locked) even though user has valid password. As example
Code:
htest:~ # passwd -S user
user LK 04/24/2014 0 10000 30 -1
but
Code:
objectclass       :
                                top
                                person
                                posixAccount
                                shadowAccount
userpassword      :             {crypt}$1$85Y1T7VB$wbMtouL9wVjcVwtrEHCD20
uid               :             user
This is SLES11 SP3. Anyone else?