[Freeipa-users] Mountain Lion GUI Login

Davis Goodman davis.goodman at digital-district.ca
Wed Aug 7 14:01:48 UTC 2013


Hi Brian, Lynn,

As for the Linux client, this is not my issue for now. I believe the Linux setup is quite straightforward, and the password change at first login seems to work without an issue.

My main concern is with Mountain Lion 10.8.x.

At this point I've managed to bind the OSX machine to the IPA server without any issue following this guide:

http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8

I also have all the automounts configured via LDAP using this: https://ssl.apple.com/business/docs/Autofs.pdf on page 16.

My main issue right now seems to be at the GUI login. The applet shows up for password change but doesn't seem to do anything. When I press continue the applet comes back and this goes in a loop until I hit "Cancel".

My IPA versions are as follows:
ipa-admintools.x86_64                    3.0.0-26.el6_4.4           
ipa-client.x86_64                        3.0.0-26.el6_4.4              
ipa-gothic-fonts.noarch                  003.02-4.2.el6             
ipa-mincho-fonts.noarch                  003.02-3.1.el6
ipa-pgothic-fonts.noarch                 003.02-4.1.el6                                    
ipa-pmincho-fonts.noarch                 003.02-3.1.el6              
ipa-python.x86_64                        3.0.0-26.el6_4.4              
ipa-server.x86_64                        3.0.0-26.el6_4.4            
ipa-server-selinux.x86_64                3.0.0-26.el6_4.4              
ipa-server-trust-ad.x86_64               3.0.0-26.el6_4.4          

As mentioned in my first post, if I make the password change at the terminal prompt, I am then able to login without a password change prompt.

Not sure if I'll be able to get through this issue unless someone has already experienced this.

Davis


-- 


Davis Goodman
Directeur Informatique  |  IT Manager

5605 Avenue de Gaspé, Suite 408  |  Montréal, QC H2T 2A4 
Tél: +1 (514) 360-3253 x104            Cell: +1 (514) 994-7360 


On 2013-08-07, at 9:29 , Brian Lee <brian_lee1 at jabil.com> wrote:

> Hi Lynn,
> 
> 
> I just checked this in my lab setup:
> 
> - Set up a new user on the FreeIPA server as 'ipatest'. 
> 
> - Logged in to a Linux client configured for FreeIPA, it prompted me to change my password. 
> 
> - Successfully changed my password for ipatest. Verified this on another machine.
> 
> - Furthermore, I reset the "Password Policy" min lifetime to 0 and typed passwd on one of the ipa clients while logged in as ipatest. This worked without issue.
> 
> I also have FreeIPA set up in the lab with a domain trust to a 2008 R2 AD server, so I checked to see if the results would be the same.
> 
> - Logged in to FreeIPA client machine as the AD user.
> 
> - Typed passwd, and successfully reset my password. Verified the change in Windows as well as another IPA client.
> 
> All Linux systems in this test are running CentOS 6.4 x86_64
> FreeIPA server is running ipa-server-3.0.0-26.el6_4.4.x86_64
> FreeIPA clients are running ipa-client-3.0.0-26.el6_4.4.x86_64
> AD Server is running Windows 2008 R2
> 
> This won't necessarily help with the OS X problem, but maybe it assists with how it's working on Linux.
> 
> Thanks,
> Brian
> 
> 
> 
> On Tue, Aug 6, 2013 at 8:25 PM, Lynn Root <lroot at redhat.com> wrote:
> 
> On Aug 6, 2013, at 4:14 PM, KodaK <sakodak at gmail.com> wrote:
> 
> > On Tue, Aug 6, 2013 at 4:31 PM, Davis Goodman
> > <davis.goodman at digital-district.ca> wrote:
> >> Hi,
> >>
> >> I have a FreeIPA server configured, managed to configure a Mountain Lion Client for automounts and user logins.
> >>
> >> My issue is that whenever I first login with a user the "New Password" box shows up and even if I try to change the password the box keeps reappearing without any success.
> >>
> >> If I log onto the machine with the local admin user and try to get a ticket for this user I get a "New Password" prompt. From there I can change the password and I get a ticket without an issue. After that I can login through the GUI without being asked for a new password.
> >>
> >> Has anyone seen this behaviour before?
> >
> > That's the expected behavior.  When you set the user's password as an
> > admin, it sets the "force a password change" flag.
> 
> Correct me if I'm wrong, but it's not expected to *not* be able to change the password on an IPA client after the initial setup, and be forced to use the IPA Server to re-set the password.  Granted, the client is OSX.
> 
> However, I personally have experienced the inability to change a new user's password on an IPA client, and only on the IPA Server.  Unfortunately, I've been trying to reproduce this and I cannot. I've tried on Fedora 19, and will try on RHEL next.
> 
> Davis - Can you let me know your IPA Server and IPA Client versions? As well as the OS that the IPA Server is on?
> 
> Also, out of curiosity, do you have directions on how you set up the client on Mac OSX?
> 
> Thanks!
> 
> Lynn Root
> 
> 
> 
> Lynn Root
> @roguelynn
> Associate Software Engineer
> 
> 
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
> 




