> On Tue, Feb 19, 2013 at 03:29:03PM -0700, ninibaba@worldd.org wrote: >> >> >> ? >> ? >> Actually >> i'd like to take that back now, it works fine when running kpasswd, but >> if >> user password is expired when SSH to client, during the reset it only >> tried UDP same if issuing passwd command as well. > > > Both use sssd here which in theory should behave as kpasswd. Can you run > sssd with a high debug level, run the passwd command again and send > logs? If you prefer you can send them as PM to me. Most interesting > would be krb5_child.log but the others miht be useful as well. > > bye, > Sumit >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > > I found my issue by disabled SELinux on the client, also did a search and found this bug related to my issue exactly: <a href="https://bugzilla.redhat.com/show_bug.cgi?id=889251">https://bugzilla.redhat.com/show_bug.cgi?id=889251</a> The selinux-policy in CentOS 6 is not the same as the current selinux-policy-3.7.19-190.el6 in RHEL 6, CentOS 6 is using selinux-policy-3.7.19-155.el6 Thank you for everyone's help, reviewing the krb5_child.log led me to search SELinux audit log which turned up the problem while looking for denied messages.