under /var/log/secure.. have this error passwd: pam_sss(passwd:chauthtok): Password change failed for user hq-testuser: 22 (Authentication token lock busy)
On Mon, Jan 12, 2015 at 3:25 PM, Rakesh Rajasekharan < [email protected]> wrote: > This is what I get now a=in the krb5_child.log after setting the > debug_level > > Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [unpack_buffer] > (0x0100): ccname: [FILE:/tmp/krb5cc_710600001_XXXXXX] keytab: > [/etc/krb5.keytab] > (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] > from environment. > (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] > [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from > environment. > (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] > [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true] > (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [k5c_setup_fast] > (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/ > [email protected])] > (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [match_principal] > (0x1000): Principal matched to the sample (host/ > [email protected]). > (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [check_fast_ccache] > (0x0200): FAST TGT is still valid. > (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [main] (0x0400): > Will perform password change > (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [changepw_child] > (0x1000): Password change operation > (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [changepw_child] > (0x0400): Attempting kinit for realm [TEST.COM] > > > > On Mon, Jan 12, 2015 at 2:31 PM, Lukas Slebodnik <[email protected]> > wrote: > >> On (12/01/15 14:12), Rakesh Rajasekharan wrote: >> >The sssd version is 1.11.6 >> > >> >The password does not get changed, whatever password gets generated by >> ipa >> >user-mod --random stays valid even after attempting the change. >> > >> >krb5_child.log does not have any contents. >> The logging in sssd is dibsabled by default. You need to increase level of >> verbosity. >> >> Put debug_level = 7 into domain section and restart sssd. >> It is also possible to change debug level on the fly with comand line >> utility >> sss_debuglevel (part of pacakge sssd-tools) >> >> LS >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
