hi all,
i have got sssd on a centos 7 vm and i have got it working
https://www.linuxtechi.com/integrate-rhel7-centos7-windows-active-directory/
as when i do
id AD_user
it comes up with the uid, gid and all the group members that user belongs to also they can login on the logon page using there AD accounts
but when they open up a terminal window i want it so they can change there passwords
i have added to my "/etc/sssd/sssd.conf" file these two lines from this link
https://linux.die.net/man/5/sssd.conf
pwd_expiration_warning = 7
chpass_provider = ad
but they get this error when they try to change there passwords
[robert.wild@lon-p-xrdp01 ~]$ passwd Changing password for user robert.wild. Current Password: New password: Retype new password: Password change failed. Server message: Please make sure the password meets the complexity constraints. passwd: Authentication token manipulation error [robert.wild@lon-p-xrdp01 ~]$
but i know i do meet the password requirements as i have added 13 characters including upper/lower/numbers/special characters
has anyone got sssd to change user passwords
thanks,
rob
On Thu, Feb 07, 2019 at 11:29:48PM -0000, robert wild wrote:
hi all,
i have got sssd on a centos 7 vm and i have got it working
https://www.linuxtechi.com/integrate-rhel7-centos7-windows-active-directory/
as when i do
id AD_user
it comes up with the uid, gid and all the group members that user belongs to also they can login on the logon page using there AD accounts
but when they open up a terminal window i want it so they can change there passwords
i have added to my "/etc/sssd/sssd.conf" file these two lines from this link
https://linux.die.net/man/5/sssd.conf
pwd_expiration_warning = 7
chpass_provider = ad
but they get this error when they try to change there passwords
[robert.wild@lon-p-xrdp01 ~]$ passwd Changing password for user robert.wild. Current Password: New password: Retype new password: Password change failed. Server message: Please make sure the password meets the complexity constraints. passwd: Authentication token manipulation error [robert.wild@lon-p-xrdp01 ~]$
but i know i do meet the password requirements as i have added 13 characters including upper/lower/numbers/special characters
has anyone got sssd to change user passwords
thanks,
rob
krb5_child.log might have some more useful information..
do i have to put down this under my domain section part in "/etc/sssd/sssd.conf"
debug_level = 10
On Fri, Feb 08, 2019 at 04:32:35PM -0000, robert wild wrote:
do i have to put down this under my domain section part in "/etc/sssd/sssd.conf"
debug_level = 10
yes, see: https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
thanks for that Jakub much appreciated
in the end there was no problem, i just restarted my centos 7 vm and it started to work, wierd!!!
how do i see the password expiration warning, where does it appear when i log in my centos vm, do i need to open up terminal and type in a command to see it?
Are you certain that passwd: Authentication token manipulation error
is arising from pam_sss and not from another pam module in the "password" phase of your pam stack?
Spike
On Sun, Feb 10, 2019 at 1:10 PM Jakub Hrozek jhrozek@redhat.com wrote:
On Fri, Feb 08, 2019 at 04:32:35PM -0000, robert wild wrote:
do i have to put down this under my domain section part in
"/etc/sssd/sssd.conf"
debug_level = 10
yes, see: https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
sssd-users@lists.fedorahosted.org
-
Jakub Hrozek -
robert wild -
Spike White