[Freeipa-users] Re: Cannot contact any KDC for requested realm changing password
Simo Sorce
ssorce at redhat.com
Tue Jun 30 13:12:14 UTC 2009
On Tue, 2009-06-23 at 11:28 -0430, Robert Marcano wrote:
> On Mon, Jun 22, 2009 at 8:55 PM, Robert Marcano<robert at marcanoonline.com> wrote:
> > This weekend one of our ipa servers was moved from one subnet to
> > another new, all IPs, gateways, DNS references (including SRV records
> > and reverse records) were changed. Since that change We have this
> > problem, It is not possible for any user to change the password using
> > kpasswd (or using kinit for an expired password), the error message is
> > "Cannot contact any KDC for requested realm changing password",
> > everyone can kinit without problems,
> >
>
> strace tells me that it is contacting the right server (connect API),
> so it is not name resolving related. This problem has the same
> behavior than fixed bug 446210
> https://bugzilla.redhat.com/show_bug.cgi?id=446210#c23
>
> The fix was to build against openldap, but that was for 1.1.x
> versions, 1.2.x are not build against openldap, but to mozldap. it is
> weird this problem is triggered after a subnet change and DNS
> resolution is working fine
Have you changed the server name by chance ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list