This is what the kerberos (kadmin.log) shows on the relevant IPA server.
Nov 19 17:29:54 axinfra02-1.cl.atix kadmind[18851](Error): password
quality module empty rejected password for tu...@cl.atix: Empty
passwords are not allowed
Nov 19 17:29:54 axinfra02-1.cl.atix kadmind[18851](Notice): chpw request
from 192.168.3.231 for tu...@cl.atix: Password is too short
I could only enter the old password the new one was never queried.
Any idea?
Thanks
Marc.
Am 19.11.2012 16:57, schrieb Dmitri Pal:
On 11/19/2012 04:37 AM, Marc Grimme wrote:
(Mon Nov 19 10:33:33 2012) [[sssd[krb5_child[19943
[krb5_child_setup] (0x4000): Not using FAST.
(Mon Nov 19 10:33:33 2012) [[sssd[krb5_child[19943 [changepw_child]
(0x0020): krb5_change_password failed [2][Server error].
(Mon Nov 19 10:33:33 2012) [[sssd[krb5_child[19943 [changepw_child]
(0x0020): krb5_change_password failed [2][Password not changed.].
Have you looked at the server Kerberos log?
Do you see an attempt there?
If not there might be a problem accessing kadmin process on the server.
Might be a firewall issue then.
But let us start with the server side.
--
Marc Grimme
Tel: +49 (0)89 452 35 38-140
Fax: +49 (0)89 452 35 38-290
E-Mail: gri...@atix.de
ATIX Informationstechnologie und Consulting AG | Einsteinstrasse 10 |
85716 Unterschleissheim | www.atix.de | www.comoonics.org
Registergericht: Amtsgericht Muenchen, Registernummer: HRB 168930, USt.-Id.:
DE209485962 | Vorstand: Marc Grimme, Mark Hlawatschek, Thomas Merz (Vors.) |
Vorsitzender des Aufsichtsrats: Dr. Martin Buss
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users