I had sworn that I had faithfully followed the firewall configs, but this was it; thanks! Off to tcpdump to see which port I missed.
Kelvin

On 12-02-16 10:21 PM, "Brian Topping" <topp...@codehaus.org> wrote:

> Firewall issue? Maybe do a tcpdump on one of the machines while trying this?
>
> On Feb 16, 2012, at 10:10 PM, Kelvin Edmison wrote:
>
>> Hi all,
>>
>> I am trying to roll out ipa as our central authentication system, and am
>> running into problems with password changes on CentOS 5.
>>
>> Scenario:
>> Admin user resets a user's password.
>> The user, on a non-IPA-managed system, logs into a CentOS 5 server
>> (IPA-managed) via ssh. The temporary password is accepted and the user is
>> immediately prompted to change the password, but the password change fails
>> with the message 'System is offline, password change not possible'.
>>
>> $ ssh kelvin@testhost
>> kelvin@testhost's password:
>> Warning: Your password will expire in less than one hour.
>> Password expired. Change your password now.
>> Last login: Thu Feb 16 21:54:59 2012 from vpn
>> WARNING: Your password has expired.
>> You must change your password now and login again!
>> Changing password for user kelvin.
>> Current Password:
>> New UNIX password:
>> Retype new UNIX password:
>> System is offline, password change not possible
>> Warning: Your password will expire in less than one hour.
>> Warning: Your password will expire in less than one hour.
>> passwd: Authentication token manipulation error
>> Connection to testhost closed.
>>
>> What am I missing? Can someone please help me get this working?
>>
>> Thanks,
>> Kelvin
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipaemail@example.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users