Firewall issue?  Maybe do a tcpdump on one of the machines while trying this?

On Feb 16, 2012, at 10:10 PM, Kelvin Edmison wrote:

> Hi all,
> 
> I am trying to roll out ipa as our central authentication system, and am
> running into problems with password changes on CentOS 5.
> 
> Scenario: 
> Admin user resets a user's password.
> The user, on a non-IPA-managed system, logs into a CentOS 5 server
> (IPA-managed) via ssh.  The temporary password is accepted and the user is
> immediately prompted to change the password, but the password change fails
> with the message 'System is offline, password change not possible'.
> 
> $ ssh kelvin@testhost
> kelvin@testhost's password:
> Warning: Your password will expire in less than one hour.
> Password expired. Change your password now.
> Last login: Thu Feb 16 21:54:59 2012 from vpn
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for user kelvin.
> Current Password: 
> New UNIX password: 
> Retype new UNIX password:
> System is offline, password change not possible
> Warning: Your password will expire in less than one hour.
> Warning: Your password will expire in less than one hour.
> passwd: Authentication token manipulation error
> Connection to testhost closed.
> 
> What am I missing?  Can someone please help me get this working?
> 
> Thanks,
>  Kelvin
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to