Problem with Kerberos Authentication

wxiluo · 09-24-2009, 03:01 AM

Dear all,

I successfully installed FreeIPA this morning. Now I got a problem about Kerberos Authentication. New user cannot modify their password in shell.

I added a new user named haha(group: ipauser) based on the webUI. This user is not a existed system user. Then I added a new Delegations(allow people in group ipauser can modify password for group ipauser) .

Code:

[michael@freeipa Desktop]$ su - haha
Password:
Warning: Your password will expire in less than one hour.
Warning: password has expired.
Kerberos 5 Password:
Warning: Your password will expire in less than one hour.
New UNIX password:
Retype new UNIX password:
su: incorrect password

[michael@freeipa Desktop]$ su - root
Password:

[root@freeipa ~]# su - haha
su: warning: cannot change directory to /home/haha: No such file or directory

-sh-3.2$

Root can su - haha successfully. I think that means the Kerberos works, but new user cannot reset their password in their shell.

What should I do?

Best Regards,
Michael

Matey · 09-24-2009, 05:57 AM

we have samba :

samba:~# smbpasswd username
New SMB password:
Retype new SMB password:

This will update the samba (windows) password information. Now we change the kerberos info to allow unix authentication as well:

kerberos:~# kadmin.local
Authenticating as principal root/domain.whatever with password.
kadmin.local: cpw username
Enter password for principal "username":
Re-enter password for principal "username":
Password for "username@domain.whatever" changed