Professional Documents
Culture Documents
Unable To Reset The Password of IPA Users. - Red Hat Customer Portal PDF
Unable To Reset The Password of IPA Users. - Red Hat Customer Portal PDF
C U S T O M E R (https://access.redhat.com/)
P O R TA L
Environment
Red Hat Enterprise Linux 7.x
IPA/IDM
Issue
Unable to reset password of ipa users .
Resolution
Reset the kerberos principal-expiration.
e.g :-
https://access.redhat.com/solutions/3678111 1/6
2/14/2020 Unable to reset the password of IPA users. - Red Hat Customer Portal
Root Cause
https://access.redhat.com/solutions/3678111 2/6
2/14/2020 Unable to reset the password of IPA users. - Red Hat Customer Portal
The account isn't supposed to have the kerberos principal expiration set.
C U S T O M E R (https://access.redhat.com/)
P O R TA L
Diagnostic Steps
Verify if account has krbPrincipalExpiration set
https://access.redhat.com/solutions/3678111 3/6
2/14/2020 Unable to reset the password of IPA users. - Red Hat Customer Portal
C U S -D
[root@ipa ~]# ldapsearch M E R (https://access.redhat.com/)
T O "cn=Directory Manager" -b
P O R TA L
uid=tuser,cn=users,cn=accounts,dc=example,dc=com -w secret
# extended LDIF
#
# LDAPv3
# base <uid=tuser,cn=users,cn=accounts,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
https://access.redhat.com/solutions/3678111 4/6
2/14/2020 Unable to reset the password of IPA users. - Red Hat Customer Portal
objectClass: ipasshuser
C U S T O M E R (https://access.redhat.com/)
objectClass: ipaSshGroupOfPubKeys
P O R TA L
objectClass: mepOriginEntry
objectClass: ipantuserattrs
loginShell: /bin/sh
initials: TU
gecos: Test User
sn: User
homeDirectory: /home/tuser
mail: tuser@example.com
krbPrincipalName: tuser@EXAMPLE.COM
givenName: Test
cn: Test User
ipaUniqueID: 8f7ab80a-db63-11e8-a949-001a4a000804
uidNumber: 815000008
gidNumber: 815000008
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[root@ipa ~]#
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions
that Red Hat engineers have created while supporting our customers. To give you the knowledge
you need the instant it becomes available, these articles may be presented in a raw and unedited
form.
CUST
sudo giving error "sudo: O M E R (https://access.redhat.com/)
pam_open_session: System error"
P O R TA L
Solution - Nov 6, 2018
How to provide minimal rights/privileges to normal IPA user to change password for other
IPA users like default IPA admin
Comments
https://access.redhat.com/solutions/3678111 6/6