Hi,
I have the following issue.
1) I have created a new user in AD. 2) When forcing user to change password at next logon in AD, password change does not work from the Linux client.
But, if I don't force the user to change password at next logon in AD, then after logging in, I can change password of the user with passwd command.
Is this normal? If not, why is this happening?
My sssd.conf file is:
# cat /etc/sssd/sssd.conf
[sssd] domains = ad.corp.org config_file_version = 2 services = nss, pam, ssh debug_level = 9
[pam] pam_pwd_expiration_warning = 7 offline_credentials_expiration = 5 debug_level = 9
[domain/ad.corp.org] id_provider = ad auth_provider = ad chpass_provider = ad access_provider = simple ad_server = ad-server1, ad-server2, ad-server3 cache_credentials = true krb5_store_password_if_offline = true default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = false fallback_homedir = /home/%u simple_allow_groups = foo, bar, baz debug_level = 9
On Fri, Apr 19, 2019 at 03:39:42PM -0000, soham chakraborty wrote:
Hi,
I have the following issue.
- I have created a new user in AD.
- When forcing user to change password at next logon in AD, password change does not work from the Linux client.
Hi,
in general this should work. Can you send the PAM related message from /var/log/secure or the journal from the time you try to log in when "Change password at next login" is set?
bye, Sumit
But, if I don't force the user to change password at next logon in AD, then after logging in, I can change password of the user with passwd command.
Is this normal? If not, why is this happening?
My sssd.conf file is:
# cat /etc/sssd/sssd.conf
[sssd] domains = ad.corp.org config_file_version = 2 services = nss, pam, ssh debug_level = 9
[pam] pam_pwd_expiration_warning = 7 offline_credentials_expiration = 5 debug_level = 9
[domain/ad.corp.org] id_provider = ad auth_provider = ad chpass_provider = ad access_provider = simple ad_server = ad-server1, ad-server2, ad-server3 cache_credentials = true krb5_store_password_if_offline = true default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = false fallback_homedir = /home/%u simple_allow_groups = foo, bar, baz debug_level = 9 _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
Hi Sumit,
I re-tested and this problem is now fixed. I think this was because of some fat finger from my side.
Thanks for replying.
On Thu, May 02, 2019 at 12:30:31PM -0000, soham chakraborty wrote:
Hi Sumit,
I re-tested and this problem is now fixed. I think this was because of some fat finger from my side.
Glad it is working now. Thanks for the feedback.
bye, Sumit
Thanks for replying. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
sssd-users@lists.fedorahosted.org
-
soham chakraborty -
Sumit Bose