On 12/03/14 22:52, Rob wrote:
Hi,

I have configured an AIX 6.1 server to connect to a RHEL 6.5 IPA server. The
AIX server is configured to use netgroups and all that works for existing the
users.

The problem is when a users password expires or when a new user is created.
They cannot change their password

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for "testuser"
testuser's Old password:
testuser's New password:
Connection to localhost closed.

The problem seems to be related to not getting a kerberos ticket as kinit can
be used to change the password.

Logging is enabled but no logs ever get updated

[logging]
         kdc = FILE:/var/krb5/log/krb5kdc.log
         admin_server = FILE:/var/krb5/log/kadmin.log
         kadmin_local = FILE:/var/krb5/log/kadmin_local.log
         default = FILE:/var/krb5/log/krb5lib.log

Anybody ever come across this? Or know how to get logging working?

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

*

I am not familiar with AIX. Just quick tip for what we had to do on Solaris to 
make password changes work - as the issue sounded somewhat familiar... :)

We have to set "kpasswd_protocol = SET_CHANGE" to krb5.conf when used with any 
"non-Solaris KDC".

Perhaps you have a similar setting for AIX?



*

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to