[Freeipa-users] Unable to change Admin password
ide4you at gmail.com
ide4you at gmail.com
Wed Jan 12 20:02:14 UTC 2011
Yes ipa_kpasswd is running.
Sent on the TELUS Mobility network with BlackBerry
-----Original Message-----
From: Simo Sorce <ssorce at redhat.com>
Sender: freeipa-users-bounces at redhat.com
Date: Wed, 12 Jan 2011 14:16:38
To: <freeipa-users at redhat.com>
Subject: Re: [Freeipa-users] Unable to change Admin password
On Wed, 12 Jan 2011 13:58:31 -0500
Uzor Ide <ide4you at gmail.com> wrote:
> Hello List
>
>
> We are having problem with changing/reseting password. Even the admin
> password cannot be changed. During login users with expired
> passwords are warned that their password has expired and forced to
> change their password. But when the type new password, the operation
> fails with error "Authentication token manipulation error"
>
> When I tried the change the admin krb5 password from the ipa-server I
> got the following error
> "Cannot contact any KDC for requested realm while getting initial
> credentials"
>
> That's surprising because the KDC hostname resolves properly.
>
> This what's in the krb5kdc.log each time
>
> Jan 12 13:30:27 ipaserver.mycompany.com krb5kdc[1382](info): AS_REQ (7
> etypes {18 17 16 23 1 3 2}) 192.168.1.12: ISSUE: authtime 1294857027,
> etypes {rep=18 tkt=18 ses=18}, admin at MYCOMPANY.COM for kadmin/
> changepw at MYCOMPANY.COM
> Jan 12 13:30:39 ipaserver.mycompany.com krb5kdc[1382](info): AS_REQ (7
> etypes {18 17 16 23 1 3 2}) 192.168.1.12: NEEDED_PREAUTH: kadmin/
> changepw at MYCOMPANY.COM for krbtgt/MYCOMPANY.COM at UZDOMAIN.CA,
> Additional pre-authentication required
> Jan 12 13:30:40 ipaserver.mycompany.com krb5kdc[1382](info): AS_REQ (7
> etypes {18 17 16 23 1 3 2}) 192.168.1.12: ISSUE: authtime 1294857040,
> etypes {rep=18 tkt=18 ses=18}, kadmin/changepw at MYCOMPANY.COM for
> krbtgt/ MYCOMPANY.COM at UZDOMAIN.CA
>
> The server is freeipa-2.0 -beta and O/S is fedora 13
>
> Any help will be greatly appreciated
Is ipa_kpasswd running ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list