Hello! I'm not entirely sure what is going on. The logs just say, that the credentials are incorrect, at that step, please make sure, that the date and time are synced on those machines. When logging in, you are expected to use username and password, when using OTP, this actually means password+OTP. Then when prompted for password change, supply just password for the password and OTP goes to the bottom input (I always wait for another token at this step).
Is it a new problem, when has it appeared? Or was this feature broken for you always? > We have tested with OTP Tokens disabled, and adding just "Password" to the > login methods. > If we reset the password, and then manually set "krbPasswordExpiration" to > sometime in the future using ipa user-mod, users can login, and then change > their passwords from within the UI itself, it appears to only be the change > password on login flow that is causing problems. Is this with OTP token or without? Regards, David -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
