I had this issue, but I gave up. I have my users either log into a Linux box to change passwords or use a web based password reset I set up for them.
When your users log in successfully do they have tickets? That's my situation: they can get tickets once they're logged in, but can't change when prompted at login, nor can they change interactively using passwd. If you ever figure anything out let me know, but I spent quite a bit of time on it (once I had the workaround I stopped, though. You may be more persistent.) Good luck, --Jason On Wed, Mar 12, 2014 at 4:52 PM, Rob <robert.ro...@xerox.com> wrote: > > Hi, > > I have configured an AIX 6.1 server to connect to a RHEL 6.5 IPA server. > The > AIX server is configured to use netgroups and all that works for existing > the > users. > > The problem is when a users password expires or when a new user is created. > They cannot change their password > > WARNING: Your password has expired. > You must change your password now and login again! > Changing password for "testuser" > testuser's Old password: > testuser's New password: > Connection to localhost closed. > > The problem seems to be related to not getting a kerberos ticket as kinit > can > be used to change the password. > > Logging is enabled but no logs ever get updated > > [logging] > kdc = FILE:/var/krb5/log/krb5kdc.log > admin_server = FILE:/var/krb5/log/kadmin.log > kadmin_local = FILE:/var/krb5/log/kadmin_local.log > default = FILE:/var/krb5/log/krb5lib.log > > Anybody ever come across this? Or know how to get logging working? > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users