Michael Kang wrote:
Dear FreeIPA community,

I did try set the new user's initial password. But it didn't work either. I got a protocol error.

Here is the output of console :

    [r...@freeipa ~]# kinit admin
    Password for ad...@aragon.local:
    [r...@freeipa ~]# ipa-passwd haha
    Changing password for h...@aragon.local
    New Password:
    Confirm Password:
    [r...@freeipa ~]# kinit haha
    Password for h...@aragon.local:
    Password expired. You must change it now.
    Enter new password:
    Enter it again:
    kinit(v5): Requested protocol version not supported while getting
    initial credentials


Sounds like, a Kerberos V4 request was sent to the KDC? What's in the client's krb5.conf?
Jenny


On Tue, Sep 22, 2009 at 9:22 PM, Jenny Galipeau <jgali...@redhat.com <mailto:jgali...@redhat.com>> wrote:

    Jenny Galipeau wrote:


        Michael Kang wrote:

            Dear FreeIPA community,

            I successfully installed FreeIPA this morning. Now I got a
            problem about Kerberos Authentication. New user cannot
            modify their password in shell.

        Hi Michael:
        Did you set the new user's initial password?
        kinit admin
        ipa passwd haha
        Thanks
        Jenny

    Also kinit as haha, because haha will be asked to change the
    password on first authentication.

    Thanks
    Jenny


            I added a new user named /haha(group: ipauser)/ based on
            the webUI. This user is not a existed system user. Then I
            added a new Delegations(allow people in group ipauser can
            modify password for group ipauser) .

            /[mich...@freeipa Desktop]$ su - haha/
            /Password: /

            /Warning: Your password will expire in less than one hour./
            /Warning: password has expired./
            /Kerberos 5 Password: /
            /Warning: Your password will expire in less than one hour./
            /New UNIX password: /
            /Retype new UNIX password: /
            /su: incorrect password/
            /[mich...@freeipa Desktop]$ su - root/
            /Password: /
            /[r...@freeipa ~]# su - haha/
            /su: warning: cannot change directory to /home/haha: No
            such file
            or directory/
            /-sh-3.2$ /


            Root can su - haha successfully. I think that means the
            Kerberos works, but new user cannot reset their password
            in their shell.

            What should I do?

            Best Regards,
            Michael

-- Michael Kang(康上明学)
            There is a giant asleep within every man. When the giant
            awakens,miracles happen.

            Personal blog: http://ufusion.org - United Fusion
            
------------------------------------------------------------------------

            _______________________________________________
            Freeipa-users mailing list
            Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
            https://www.redhat.com/mailman/listinfo/freeipa-users





-- Jenny Galipeau <jgali...@redhat.com <mailto:jgali...@redhat.com>>
    Principal Software QA Engineer
    Red Hat, Inc. Security Engineering




--
Michael Kang(康上明学)
There is a giant asleep within every man. When the giant awakens,miracles happen.

Personal blog: http://ufusion.org - United Fusion


--
Jenny Galipeau <jgali...@redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to