I had sworn that I had faithfully followed the firewall configs, but this
was it; thanks!  Off to tcpdump to see which port I missed.

Kelvin


On 12-02-16 10:21 PM, "Brian Topping" <topp...@codehaus.org> wrote:

> Firewall issue?  Maybe do a tcpdump on one of the machines while trying this?
> 
> On Feb 16, 2012, at 10:10 PM, Kelvin Edmison wrote:
> 
>> Hi all,
>> 
>> I am trying to roll out ipa as our central authentication system, and am
>> running into problems with password changes on CentOS 5.
>> 
>> Scenario: 
>> Admin user resets a user's password.
>> The user, on a non-IPA-managed system, logs into a CentOS 5 server
>> (IPA-managed) via ssh.  The temporary password is accepted and the user is
>> immediately prompted to change the password, but the password change fails
>> with the message 'System is offline, password change not possible'.
>> 
>> $ ssh kelvin@testhost
>> kelvin@testhost's password:
>> Warning: Your password will expire in less than one hour.
>> Password expired. Change your password now.
>> Last login: Thu Feb 16 21:54:59 2012 from vpn
>> WARNING: Your password has expired.
>> You must change your password now and login again!
>> Changing password for user kelvin.
>> Current Password:
>> New UNIX password:
>> Retype new UNIX password:
>> System is offline, password change not possible
>> Warning: Your password will expire in less than one hour.
>> Warning: Your password will expire in less than one hour.
>> passwd: Authentication token manipulation error
>> Connection to testhost closed.
>> 
>> What am I missing?  Can someone please help me get this working?
>> 
>> Thanks,
>>  Kelvin
>> 
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
> 

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to