Figured out the problem. For future reference, a more informative log entry appeared in /var/log/dirsrv/slapd-<domain>/errors:
Entry "uid=ian,cn=users,cn=accounts,dc=sbgrid,dc=org" has unknown object class "radiusprofile" Sure enough, when I upgraded our old (v1) FreeIPA server I had to add some schema because "radiusprofile" was a previously-included objectClass. I guess the upgraded server didn't include that schema. After ldapmodifying the user accounts to remove that objectClass, we're back in business. ~irl On Jan 4, 2012, at 6:32 PM, Ian Levesque wrote: > Hello, > > I've upgraded a FreeIPA server to RHEL 6.2 (from 6.1), putting me at version > 2.1.3-9. Since the upgrade, I haven't been able to change any existing > passwords, all I get is an "Authentication token manipulation error". > Newly-created accounts don't have this problem. I /can/ login using my > existing password, but one user's password is expired and is effectively > locked out until I can figure this out. Any ideas? > > Best, > Ian _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
