Karl Forner via FreeIPA-users wrote:
Hi,
The problem started with a user that could not connect with his initial
password from the GUI: Username or password incorrect.
I reset it myself, and tried with the new temp password: idem.
I retried many many times. Same.
I tried creating a new user, same.
In the meantime I realized the admin password had expired.
I could not update it successfully via the command-line, but I could
using the GUI.
I tried many things, but now "ipa user-status" fails for a lot of accounts:
pa: ERROR: xxxxx: user not found
I tried creating a new account from command-line with ipa user-add, then
asks for the status using "ipa user-status", it failed the same way.
What's happening ?
What should I try ?
It sounds like there could be multiple issues. Start with passwords on
the cli.
kinit someuser
If it fails look in /var/log/krb5kdc.log
To get more client-side debug info you can also try
KRB5_TRACE=/dev/stderr kinit <someuser>
I think you'll need to be more specific with what is working and what isn't.
Are all users affected? It doesn't sound like it.
Are all users affected the same way? (e.g. some can log into GUI, some
cli, some both)
What other password behavior do you see?
If you have multiple masters are you having replication issues?
rob
Thanks.
Karl
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...