10:39 a.m.
Hi,
I have the following issue.
1) I have created a new user in AD.
2) When forcing user to change password at next logon in AD, password change does not work
from the Linux client.
But, if I don't force the user to change password at next logon in AD, then after
logging in, I can change password of the user with passwd command.
Is this normal? If not, why is this happening?
My sssd.conf file is:
# cat /etc/sssd/sssd.conf
[sssd]
domains = ad.corp.org
config_file_version = 2
services = nss, pam, ssh
debug_level = 9
[pam]
pam_pwd_expiration_warning = 7
offline_credentials_expiration = 5
debug_level = 9
[domain/ad.corp.org]
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = simple
ad_server = ad-server1, ad-server2, ad-server3
cache_credentials = true
krb5_store_password_if_offline = true
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = false
fallback_homedir = /home/%u
simple_allow_groups = foo, bar, baz
debug_level = 9
6:29 a.m.
New subject: password change fails for user with 'change password on next login' selected in AD
On Fri, Apr 19, 2019 at 03:39:42PM -0000, soham chakraborty wrote:
Hi,
I have the following issue.
1) I have created a new user in AD.
2) When forcing user to change password at next logon in AD, password change does not
work from the Linux client.
Hi,
in general this should work. Can you send the PAM related message from
/var/log/secure or the journal from the time you try to log in when
"Change password at next login" is set?
bye,
Sumit
>
> But, if I don't force the user to change password at next logon in AD, then after
logging in, I can change password of the user with passwd command.
>
> Is this normal? If not, why is this happening?
>
> My sssd.conf file is:
>
> # cat /etc/sssd/sssd.conf
>
> [sssd]
> domains = ad.corp.org
> config_file_version = 2
> services = nss, pam, ssh
> debug_level = 9
>
> [pam]
> pam_pwd_expiration_warning = 7
> offline_credentials_expiration = 5
> debug_level = 9
>
> [domain/ad.corp.org]
> id_provider = ad
> auth_provider = ad
> chpass_provider = ad
> access_provider = simple
> ad_server = ad-server1, ad-server2, ad-server3
> cache_credentials = true
> krb5_store_password_if_offline = true
> default_shell = /bin/bash
> ldap_id_mapping = True
> use_fully_qualified_names = false
> fallback_homedir = /home/%u
> simple_allow_groups = foo, bar, baz
> debug_level = 9
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
7:30 a.m.
New subject: password change fails for user with 'change password on next login' selected in AD
Hi Sumit,
I re-tested and this problem is now fixed. I think this was because of some fat finger
from my side.
Thanks for replying.
7:54 a.m.
New subject: password change fails for user with 'change password on next login' selected in AD
On Thu, May 02, 2019 at 12:30:31PM -0000, soham chakraborty wrote:
Hi Sumit,
I re-tested and this problem is now fixed. I think this was because of some fat finger
from my side.
Glad it is working now. Thanks for the feedback.
bye,
Sumit
>
> Thanks for replying.
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
739
days inactive
752
days old
sssd-users@lists.fedorahosted.org
3 comments
2 participants
participants (2)
-
soham chakraborty -
Sumit Bose