Figured out the problem. For future reference, a more informative log entry 
appeared in /var/log/dirsrv/slapd-<domain>/errors:

Entry "uid=ian,cn=users,cn=accounts,dc=sbgrid,dc=org" has unknown object class 

Sure enough, when I upgraded our old (v1) FreeIPA server I had to add some 
schema because "radiusprofile" was a previously-included objectClass. I guess 
the upgraded server didn't include that schema. After ldapmodifying the user 
accounts to remove that objectClass, we're back in business.


On Jan 4, 2012, at 6:32 PM, Ian Levesque wrote:

> Hello,
> I've upgraded a FreeIPA server to RHEL 6.2 (from 6.1), putting me at version 
> 2.1.3-9. Since the upgrade, I haven't been able to change any existing 
> passwords; all I get is an "Authentication token manipulation error". 
> Newly-created accounts don't have this problem. I /can/ log in using my 
> existing password, but one user's password is expired and is effectively 
> locked out until I can figure this out. Any ideas?
> Best,
> Ian
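
Added example, not part of the original thread or of FreeIPA: a shell helper that turns `ldapsearch` output into the `ldapmodify` change file for the cleanup described above, stripping the `radiusprofile` objectClass from every entry that still carries it. The bind DN in the usage comment, the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads ldapsearch LDIF on stdin and
# writes ldapmodify LDIF that deletes one objectClass value from each entry
# that carries it. Assumed usage, with the 389-ds default bind DN:
#   ldapsearch -x -LLL -D "cn=Directory Manager" -W \
#     -b "cn=users,cn=accounts,dc=sbgrid,dc=org" \
#     "(objectClass=radiusprofile)" dn objectClass \
#     | gen_remove_objectclass_ldif radiusprofile > fix.ldif
#   ldapmodify -x -D "cn=Directory Manager" -W -f fix.ldif   # after review

gen_remove_objectclass_ldif() {
    # $1 = objectClass name to strip; compared case-insensitively.
    awk -v oc="$1" '
        function emit() {
            if (dn != "" && has)
                printf "%s\nchangetype: modify\ndelete: objectClass\nobjectClass: %s\n\n", dn, oc
            dn = ""; has = 0
        }
        # LDIF folds long lines; a continuation starts with one space.
        /^ /       { if (last == "dn") dn = dn substr($0, 2); next }
        /^$/       { emit(); last = ""; next }    # blank line ends an entry
        /^dn::? /  { dn = $0; last = "dn"; next } # plain or base64 DN, kept as is
        { last = "" }
        tolower($0) ~ /^objectclass: / {
            if (tolower(substr($0, 14)) == tolower(oc)) has = 1
        }
        END { emit() }
    '
}

# Constructed sample input: one legacy entry (folded DN), one new account.
sample_ldif() {
    cat <<'EOF'
dn: uid=ian,cn=users,cn=accounts,
 dc=sbgrid,dc=org
objectClass: posixAccount
objectClass: radiusProfile

dn: uid=newuser,cn=users,cn=accounts,dc=sbgrid,dc=org
objectClass: posixAccount
EOF
}

sample_ldif | gen_remove_objectclass_ldif radiusprofile
```

If an entry still holds attributes that only the removed class allows, the server rejects the change with an object class violation, so those attributes have to be deleted in the same modify operation.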

