Hi to all,
I currently have setup a freeipa server on a virtual machine and have some
issues I just want to be cleared with.
My setup is as follows:
I have tweaked the /etc/hosts file to register the hostname and ip address of
the machine to where I have installed the server.
Then, I installed the ipa server from yum and have successfully created my
realm and directory server. I have used the -N option to disable the
configuration and installation of the NTP server. I have configured the
/etc/ntp.conf to synchronize the time with our own ntp server.
After the installation, I configured the browser to enable the webgui. I have
successfully done this, and have accessed the administrator page after
obtaining the admin ticket. Now I tried to create a test user. This test user
has sufficient required entries for an account to be created. Now that the user
is existing, the page issued that the users password has expired. I know this
is a security feature. I then tried to kinit with the test user, it asked for
the password and I, in return, supplied the password from which is identical
from the password I supplied during the creation of the test user. Kinit
outputs with an error kinit(v5): Password incorrect while getting initial
credentials.
I looked up for the krb5kdc.log and found these:
Jul 29 10:40:06 xx.xxx.xxx.xxx krb5kdc[1478](info): AS_REQ (7 etypes {18 17 16
23 1 3 2}) 202.90.157.229: CLIENT KEY EXPIRED: he...@xxx.xxx.xxx.xxx for
krbtgt/xxx.xxx.xxx....@xxx.xxx.xxx.xxx, Password has expired.
I just X'ed out our realm and the hostname of the machine.
Isn't it that the password that was supplied during the registration of a user
is supposed to be his kerberos password too?
What seemed to be the problem?
Thanks
John Robert Mendoza
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
