On 01/12/2015 12:55 PM, Rakesh Rajasekharan wrote:
This is the full log,
Jan 12 17:45:15 10-5-68-5 sshd[29753]: pam_sss(sshd:account): User
info message: Password expired. Change your password now.
Jan 12 17:45:15 10-5-68-5 sshd[29753]: Accepted password for
hq-testuser from 10.5.68.184 port 54048 ssh2
Jan 12 17:45:16 10-5-68-5 sshd[29753]: pam_unix(sshd:session): session
opened for user hq-testuser by (uid=0)
Jan 12 17:45:16 10-5-68-5 passwd: pam_unix(passwd:chauthtok): user
"hq-testuser" does not exist in /etc/passwd
Jan 12 17:45:35 10-5-68-5 passwd: pam_unix(passwd:chauthtok): user
"hq-testuser" does not exist in /etc/passwd
Jan 12 17:45:41 10-5-68-5 passwd: pam_sss(passwd:chauthtok): Password
change failed for user hq-testuser: 22 (Authentication token lock busy)
Jan 12 17:45:43 10-5-68-5 sshd[30329]: Received disconnect from
10.5.68.184 <http://10.5.68.184>: 11: disconnected by user
Jan 12 17:45:43 10-5-68-5 sshd[29753]: pam_unix(sshd:session): session
closed for user hq-testuser
>> Does it happen for all users or only users that you migrated?
Yes it happens for all, I created a new user ( hq-testuser) is a
fresh one that I created.
I found a workaround for this , users are able to successfully change
the password by connecting to the IPA master server.
So, its only the ipa clients that have the issue.
Does it work for the same user from the client if you reset password on
the server, authenticate from the client and then force reset again on
the server?
Can you add a new client and see whether it works there?
Have you tried re-installing the client?
Thanks,
Rakesh
On Mon, Jan 12, 2015 at 10:57 PM, Jakub Hrozek <jhro...@redhat.com
<mailto:jhro...@redhat.com>> wrote:
On Mon, Jan 12, 2015 at 04:01:32PM +0530, Rakesh Rajasekharan wrote:
> under /var/log/secure.. have this error
> passwd: pam_sss(passwd:chauthtok): Password change failed for user
> hq-testuser: 22 (Authentication token lock busy)
It looks like the log was trucated, can you post more context?
Authentication token lock busy usually means the kadmin servers were
offline..
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project