Hello,
I am trying to install a rhel6 machine with the ipa-1.2.2 client. Everything appears to work fine, with the exception of updating users passwords from the client. >From the user perspective, I get this: Changing password for user andytest. Kerberos 5 Password: New password: Retype new password: passwd: Authentication token manipulation error >From the local secure log, I see this: Mar 22 10:57:19 rhel6-test2 passwd: pam_unix(passwd:chauthtok): user "andytest" does not exist in /etc/passwd Mar 22 10:57:29 rhel6-test2 passwd: pam_unix(passwd:chauthtok): user "andytest" does not exist in /etc/passwd Mar 22 10:58:01 rhel6-test2 passwd: pam_krb5[25306]: password change failed for [email protected]: Cannot contact any KDC for requested realm There are no local or network firewalls between the client and the IPA server, and every other piece of IPA functionality appears to work fine. On the IPA server itself, I see this in krb5kdc: Mar 22 10:57:26 myipa.mydomain krb5kdc[2255](info): no valid preauth type found: Success Mar 22 10:57:26 myipa.mydomain krb5kdc[2255](info): AS_REQ (4 etypes {18 17 16 23}) XX.XX.XX.XX: PREAUTH_FAILED: [email protected] for kadmin/[email protected], Preauthentication failed Mar 22 10:57:26 myipa.mydomain krb5kdc[2255](info): AS_REQ (4 etypes {18 17 16 23}) XX.XX.XX.XX: NEEDED_PREAUTH: [email protected] for kadmin/[email protected], Additional pre-authentication required Mar 22 10:57:26 myipa.mydomain krb5kdc[2255](info): AS_REQ (4 etypes {18 17 16 23}) XX.XX.XX.XX: ISSUE: authtime 1300787846, etypes {rep=18 tkt=18 ses=18}, [email protected] for kadmin/[email protected] nsswitch.conf has the usual stuff: passwd: files ldap shadow: files ldap group: files ldap I'm not sure what else to check. Andy
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
