Hi to all, I currently have setup a freeipa server on a virtual machine and have some issues I just want to be cleared with.
My setup is as follows: I have tweaked the /etc/hosts file to register the hostname and ip address of the machine to where I have installed the server. Then, I installed the ipa server from yum and have successfully created my realm and directory server. I have used the -N option to disable the configuration and installation of the NTP server. I have configured the /etc/ntp.conf to synchronize the time with our own ntp server. After the installation, I configured the browser to enable the webgui. I have successfully done this, and have accessed the administrator page after obtaining the admin ticket. Now I tried to create a test user. This test user has sufficient required entries for an account to be created. Now that the user is existing, the page issued that the users password has expired. I know this is a security feature. I then tried to kinit with the test user, it asked for the password and I, in return, supplied the password from which is identical from the password I supplied during the creation of the test user. Kinit outputs with an error kinit(v5): Password incorrect while getting initial credentials. I looked up for the krb5kdc.log and found these: Jul 29 10:40:06 xx.xxx.xxx.xxx krb5kdc[1478](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 202.90.157.229: CLIENT KEY EXPIRED: he...@xxx.xxx.xxx.xxx for krbtgt/xxx.xxx.xxx....@xxx.xxx.xxx.xxx, Password has expired. I just X'ed out our realm and the hostname of the machine. Isn't it that the password that was supplied during the registration of a user is supposed to be his kerberos password too? What seemed to be the problem? Thanks John Robert Mendoza
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users