On 03/22/2011 06:11 AM, Andy Singleton wrote:
> Hello,
>
>  
>
> I am trying to install a rhel6 machine with the ipa-1.2.2 client.
>
> Everything appears to work fine, with the exception of updating users
> passwords from the client.
>
>  
>
> >From the user perspective, I get this:
>
>  
>
> Changing password for user andytest.
>
> Kerberos 5 Password: 
>
> New password: 
>
> Retype new password: 
>
> passwd: Authentication token manipulation error
>
>  
>
> >From the local secure log, I see this:
>
>  
>
> Mar 22 10:57:19 rhel6-test2 passwd: pam_unix(passwd:chauthtok): user
> "andytest" does not exist in /etc/passwd
>
> Mar 22 10:57:29 rhel6-test2 passwd: pam_unix(passwd:chauthtok): user
> "andytest" does not exist in /etc/passwd
>
> Mar 22 10:58:01 rhel6-test2 passwd: pam_krb5[25306]: password change
> failed for andyt...@live.tipp24.net: Cannot contact any KDC for
> requested realm
>
>  
>
> There are no local or network firewalls between the client and the IPA
> server, and every other piece of IPA functionality appears to work fine.
>
>  
>
> On the IPA server itself, I see this in krb5kdc:
>
> Mar 22 10:57:26 myipa.mydomain krb5kdc[2255](info): no valid preauth
> type found: Success
>
> Mar 22 10:57:26 myipa.mydomain krb5kdc[2255](info): AS_REQ (4 etypes {18
> 17 16 23}) XX.XX.XX.XX: PREAUTH_FAILED: andyt...@live.tipp24.net for
> kadmin/chang...@live.tipp24.net, Preauthentication failed
>
> Mar 22 10:57:26 myipa.mydomain krb5kdc[2255](info): AS_REQ (4 etypes {18
> 17 16 23}) XX.XX.XX.XX: NEEDED_PREAUTH: andyt...@live.tipp24.net for
> kadmin/chang...@live.tipp24.net, Additional pre-authentication required
>
> Mar 22 10:57:26 myipa.mydomain krb5kdc[2255](info): AS_REQ (4 etypes {18
> 17 16 23}) XX.XX.XX.XX: ISSUE: authtime 1300787846, etypes {rep=18
> tkt=18 ses=18}, andyt...@live.tipp24.net for
> kadmin/chang...@live.tipp24.net
>
>  
>
> nsswitch.conf has the usual stuff:
>
>  
>
> passwd:     files ldap
>
> shadow:     files ldap
>
> group:      files ldap
>
>  
>
> I'm not sure what else to check.
>
>  
>
> Andy
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to