[Freeipa-users] User Migrated from LDAP not able to change the password
Martin Kosek
mkosek at redhat.com
Fri Feb 8 07:44:12 UTC 2013
On 02/08/2013 07:43 AM, Rajnesh Kumar Siwal wrote:
> We migrated the users from openldap to IPA.
> We are getting the following error after the User has been migrated
> (after he changes the password through https://ipa1/ipa/migration/)
> and he tries to change passwd :-
> Account is not locked and Kerberos credentials seems to be present
> (created by ipa/migration)
>
> $ ssh siwal at 1.1.1.1
> siwal at 172.31.254.204's password:
> Warning: Your password will expire in less than one hour.
> Password expired. Change your password now.
> Last login: Fri Feb 8 09:28:41 2013 from 1.1.1.2
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for user siwal
> Current Password:
> passwd: Authentication token manipulation error
> Connection to 1.1.1.1 closed.
> --------------------------------------------------------------------------------
> # ipa user-status siwal
> -----------------------
> Account disabled: False
> -----------------------
> Server: ipa1.xyz.dmz
> Failed logins: 0
> Last successful authentication: 2013-02-08T03:59:29Z
> Last failed authentication: N/A
> Time now: 2013-02-08T06:40:18Z
>
> Server: ipa2.xyz.dmz
> Failed logins: 1
> Last successful authentication: 2013-02-08T03:59:20Z
> Last failed authentication: 2013-02-08T03:59:33Z
> Time now: 2013-02-08T06:40:18Z
> ----------------------------
> Number of entries returned 2
> ----------------------------
> # ipa user-show vinay
> User login: siwal
> Home directory: /home/siwal
> Login shell: /bin/bash
> UID: 522
> GID: 522
> Account disabled: False
> Password: True
> Kerberos keys available: True
>
Hello Rajnesh,
can you show your user password policy?
# ipa pwpolicy-show
I would be also interested to see full user record after the authentication
failure:
# ipa user-show siwal --all --raw
krb* attributes and others may give us some hint what's wrong.
Martin
More information about the Freeipa-users
mailing list