[Freeipa-users] Trouble with new installation

Dumbo Q dumboq at yahoo.com
Thu Jun 4 20:05:49 UTC 2009


That had me thinking that maybe the user was not allowed to access the specific machine. I've gone through the docs a few times, and cannot find where my problem may be.

As a test I created the following file:
dn: uid=test,cn=users,cn=accounts,dc=mydom,dc=com
changetype: modify
replace: krbPasswordExpiration
krbPasswordExpiration: 20090605194542Z

[root@auth01 ~]# ldapmodify -h localhost -xv -D cn="Directory Manager" -W -f /root/testexpire.ldif
ldap_initialize( ldap://localhost )
Enter LDAP Password:
replace krbPasswordExpiration:
        20090605194542Z
modifying entry "uid=test,cn=users,cn=accounts,dc=mydom,dc=com"
modify complete


The test user was now able to log in to the server as I had hoped.
I ran the 'passwd' command, entered my kerb pass, then picked a new pass.
/var/log/messages again said:
Jun  4 15:58:40 auth01 kpasswd[18390]: Unable to bind to ldap server
Jun  4 15:58:40 auth01 kpasswd[18390]: Server Error while performing LDAP password change

What could be going wrong here?
I also tried running kinit, and then changing the passwd, with the same results.


- Stumped.






________________________________
From: Christian Horn <chorn at fluxcoil.net>
To: Dumbo Q <dumboq at yahoo.com>
Cc: Simo Sorce <ssorce at redhat.com>; freeipa-users at redhat.com
Sent: Thursday, June 4, 2009 12:49:58 PM
Subject: Re: [Freeipa-users] Trouble with new installation

On Thu, Jun 04, 2009 at 09:36:39AM -0700, Dumbo Q wrote:
> I am somewhat confused here.  Can someone explain the technical 
> relationship between Kerberos and LDAP?  I understand the 
> relationship overview but not so much what is going on behind the 
> scenes.  

You should read up on authorization vs. authentication,
Kerberos and LDAP basics.
An introduction is e.g. here:
http://fluxcoil.net/files/a_sysadmins_guide_to_authentication_and_authorization__chhorn__current.pdf

Doesn't hurt to have both LDAP and Kerberos used in separate
environments/separated before using both from IPA.
Debugging each by itself is interesting sometimes ;)


Christian



      