Hi Brian, Lynn,

As far as the Linux client goes, this is not my issue for now. I believe the Linux setup 
is quite straightforward and the password change at first login seems to work 
without an issue.

My main concern is on Mountain Lion 10.8.x,

At this point I've managed to bind the OSX machine to the IPA server without 
any issue following this guide:

http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8

I also have all the automounts configured via LDAP using this: 
https://ssl.apple.com/business/docs/Autofs.pdf on page 16.

My main issue right now seems to be at the GUI login. The applet shows up for 
password change but doesn't seem to do anything. When I press continue the 
applet comes back and this goes in a loop until I hit "Cancel".

My IPA versions are as follows:
ipa-admintools.x86_64                    3.0.0-26.el6_4.4
ipa-client.x86_64                        3.0.0-26.el6_4.4
ipa-gothic-fonts.noarch                  003.02-4.2.el6
ipa-mincho-fonts.noarch                  003.02-3.1.el6
ipa-pgothic-fonts.noarch                 003.02-4.1.el6
ipa-pmincho-fonts.noarch                 003.02-3.1.el6
ipa-python.x86_64                        3.0.0-26.el6_4.4
ipa-server.x86_64                        3.0.0-26.el6_4.4
ipa-server-selinux.x86_64                3.0.0-26.el6_4.4
ipa-server-trust-ad.x86_64               3.0.0-26.el6_4.4

As mentioned in my first post, if I make the password change at the terminal 
prompt, I am then able to login without a password change prompt.

Not sure if I'll be able to get through this issue unless someone has already 
experienced this.

Davis


-- 


Davis Goodman
Directeur Informatique  |  IT Manager

5605 Avenue de Gaspé, Suite 408  |  Montréal, QC H2T 2A4 
Tél: +1 (514) 360-3253 x104            Cell: +1 (514) 994-7360 


On 2013-08-07, at 9:29 , Brian Lee <brian_l...@jabil.com> wrote:

> Hi Lynn,
> 
> 
> I just checked this in my lab setup:
> 
> - Set up a new user on the FreeIPA server as 'ipatest'. 
> 
> - Logged in to a Linux client configured for FreeIPA, it prompted me to 
> change my password. 
> 
> - Successfully changed my password for ipatest. Verified this on another 
> machine.
> 
> - Furthermore, I reset the "Password Policy" min lifetime to 0 and typed 
> passwd on one of the ipa clients while logged in as ipatest. This worked 
> without issue.
> 
> I also have FreeIPA set up in the lab with a domain trust to a 2008 R2 AD 
> server, so I checked to see if the results would be the same.
> 
> - Logged in to FreeIPA client machine as the AD user.
> 
> - Typed passwd, and successfully reset my password. Verified the change in 
> Windows as well as another IPA client.
> 
> All Linux systems in this test are running CentOS 6.4 x86_64
> FreeIPA server is running ipa-server-3.0.0-26.el6_4.4.x86_64
> FreeIPA clients are running ipa-client-3.0.0-26.el6_4.4.x86_64
> AD Server is running Windows 2008 R2
> 
> This won't necessarily help with the OS X problem, but maybe it assists with 
> how it's working on Linux.
> 
> Thanks,
> Brian
> 
> 
> 
> On Tue, Aug 6, 2013 at 8:25 PM, Lynn Root <lr...@redhat.com> wrote:
> 
> On Aug 6, 2013, at 4:14 PM, KodaK <sako...@gmail.com> wrote:
> 
> > On Tue, Aug 6, 2013 at 4:31 PM, Davis Goodman
> > <davis.good...@digital-district.ca> wrote:
> >> Hi,
> >>
> >> I have a FreeIPA server configured, managed to configure a Mountain Lion 
> >> Client for automounts and user logins.
> >>
> >> My issue is that whenever I first login with a user the "New Password" box 
> >> shows up and even if I try to change the password the box keeps 
> >> reappearing without any success.
> >>
> >> If I log onto the machine with the local admin user and try to get a 
> >> ticket for this user I get a "New Password" prompt. From there I can 
> >> change the password and I get a ticket without an issue. After that I can 
> >> login through the GUI without being asked for a new password.
> >>
> >> Has anyone seen this behaviour before?
> >
> > That's the expected behavior.  When you set the user's password as an
> > admin, it sets the "force a password change" flag.
> 
> Correct me if I'm wrong, but it's not expected to *not* be able to change the 
> password on an IPA client after the initial setup, and be forced to use the 
> IPA Server to re-set the password.  Granted, the client is OSX.
> 
> However, I personally have experienced the inability to change a new user's 
> password on an IPA client, and only on the IPA Server.  Unfortunately, I've 
> been trying to reproduce this and I cannot. I've tried on Fedora 19, and 
> will try on RHEL next.
> 
> Davis - Can you let me know your IPA Server and IPA Client versions? As well 
> as the OS that the IPA Server is on?
> 
> Also, out of curiosity, do you have directions on how you set up the client 
> on Mac OSX?
> 
> Thanks!
> 
> Lynn Root
> 
> 
> 
> Lynn Root
> @roguelynn
> Associate Software Engineer
> 
> 
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
