[Freeipa-users] Trouble with new installation

Simo Sorce ssorce at redhat.com
Thu Jun 4 20:15:00 UTC 2009


On Thu, 2009-06-04 at 13:05 -0700, Dumbo Q wrote:
> That had me thinking that maybe the user was not allowed to access the
> specific machine. I've gone through the docs a few times, and cannot
> find where my problem may be.
> 
> As a test I created the following file
> dn: uid=test,cn=users,cn=accounts,dc=mydom,dc=com
> changetype: modify
> replace: krbPasswordExpiration
> krbPasswordExpiration: 20090605194542Z
> 
> [root@auth01 ~]# ldapmodify -h localhost -xv -D cn="Directory Manager"
> -W -f /root/testexpire.ldif
> ldap_initialize( ldap://localhost )
> Enter LDAP Password:
> replace krbPasswordExpiration:
>         20090605194542Z
> modifying entry "uid=test,cn=users,cn=accounts,dc=mydom,dc=com"
> modify complete
> 
> 
> The test user was now able to log in to the server as I had hoped.
> I ran the 'passwd' command, entered my kerb pass, then picked a new
> pass.
> /var/log/messages again said:
> Jun  4 15:58:40 auth01 kpasswd[18390]: Unable to bind to ldap server
> Jun  4 15:58:40 auth01 kpasswd[18390]: Server Error while performing
> LDAP password change
> 
> What could be going wrong here??
> I also tried running kinit, and then changing the passwd with the same
> results.

Have you tried to start kadmin by chance?
I think I remember on some older versions the kadmin init script will
happily generate a new kadmin/changepw secret, making the one we stored
in the ipa-kpasswd specific keytab useless.

Can you check if you see errors in krb5kdc.log regarding obtaining a TGT
for kadmin/changepw?

Simo.


-- 
Simo Sorce * Red Hat, Inc * New York



