On 03/22/2011 06:11 AM, Andy Singleton wrote:
> Hello,
>
> I am trying to install a rhel6 machine with the ipa-1.2.2 client.
>
> Everything appears to work fine, with the exception of updating users'
> passwords from the client.
>
> From the user perspective, I get this:
>
> Changing password for user andytest.
> Kerberos 5 Password:
> New password:
> Retype new password:
> passwd: Authentication token manipulation error
>
> From the local secure log, I see this:
>
> Mar 22 10:57:19 rhel6-test2 passwd: pam_unix(passwd:chauthtok): user "andytest" does not exist in /etc/passwd
> Mar 22 10:57:29 rhel6-test2 passwd: pam_unix(passwd:chauthtok): user "andytest" does not exist in /etc/passwd
> Mar 22 10:58:01 rhel6-test2 passwd: pam_krb5[25306]: password change failed for [email protected]: Cannot contact any KDC for requested realm
>
> There are no local or network firewalls between the client and the IPA
> server, and every other piece of IPA functionality appears to work fine.
>
> On the IPA server itself, I see this in krb5kdc:
>
> Mar 22 10:57:26 myipa.mydomain krb5kdc[2255](info): no valid preauth type found: Success
> Mar 22 10:57:26 myipa.mydomain krb5kdc[2255](info): AS_REQ (4 etypes {18 17 16 23}) XX.XX.XX.XX: PREAUTH_FAILED: [email protected] for kadmin/[email protected], Preauthentication failed
> Mar 22 10:57:26 myipa.mydomain krb5kdc[2255](info): AS_REQ (4 etypes {18 17 16 23}) XX.XX.XX.XX: NEEDED_PREAUTH: [email protected] for kadmin/[email protected], Additional pre-authentication required
> Mar 22 10:57:26 myipa.mydomain krb5kdc[2255](info): AS_REQ (4 etypes {18 17 16 23}) XX.XX.XX.XX: ISSUE: authtime 1300787846, etypes {rep=18 tkt=18 ses=18}, [email protected] for kadmin/[email protected]
>
> nsswitch.conf has the usual stuff:
>
> passwd: files ldap
> shadow: files ldap
> group: files ldap
>
> I'm not sure what else to check.
>
> Andy
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
