On Fri, Apr 19, 2019 at 03:39:42PM -0000, soham chakraborty wrote: > Hi, > > I have the following issue. > > 1) I have created a new user in AD. > 2) When forcing user to change password at next logon in AD, password change > does not work from the Linux client.
Hi, in general this should work. Can you send the PAM related message from /var/log/secure or the journal from the time you try to log in when "Change password at next login" is set? bye, Sumit > > But, if I don't force the user to change password at next logon in AD, then > after logging in, I can change password of the user with passwd command. > > Is this normal? If not, why is this happening? > > My sssd.conf file is: > > # cat /etc/sssd/sssd.conf > > [sssd] > domains = ad.corp.org > config_file_version = 2 > services = nss, pam, ssh > debug_level = 9 > > [pam] > pam_pwd_expiration_warning = 7 > offline_credentials_expiration = 5 > debug_level = 9 > > [domain/ad.corp.org] > id_provider = ad > auth_provider = ad > chpass_provider = ad > access_provider = simple > ad_server = ad-server1, ad-server2, ad-server3 > cache_credentials = true > krb5_store_password_if_offline = true > default_shell = /bin/bash > ldap_id_mapping = True > use_fully_qualified_names = false > fallback_homedir = /home/%u > simple_allow_groups = foo, bar, baz > debug_level = 9 > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
