[Freeipa-users] Re: Cannot contact any KDC for requested realm changing password
Robert Marcano
robert at marcanoonline.com
Tue Jun 23 15:58:13 UTC 2009
On Mon, Jun 22, 2009 at 8:55 PM, Robert Marcano<robert at marcanoonline.com> wrote:
> This weekend one of our ipa servers was moved from one subnet to
> another new, all IPs, gateways, DNS references (including SRV records
> and reverse records) were changed. Since that change We have this
> problem, It is not possible for any user to change the password using
> kpasswd (or using kinit for an expired password), the error message is
> "Cannot contact any KDC for requested realm changing password",
> everyone can kinit without problems,
>
strace tells me that it is contacting the right server (connect API),
so it is not name resolving related. This problem has the same
behavior than fixed bug 446210
https://bugzilla.redhat.com/show_bug.cgi?id=446210#c23
The fix was to build against openldap, but that was for 1.1.x
versions, 1.2.x are not build against openldap, but to mozldap. it is
weird this problem is triggered after a subnet change and DNS
resolution is working fine
--
Robert Marcano
More information about the Freeipa-users
mailing list