I met with the problem that the user cannot update his own password ipa user-show new User login: new First name: new Last name: new Home directory: /home/new Login shell: /bin/bash Principal name: new@OPENTECH.LOCAL Principal alias: new@OPENTECH.LOCAL Email address: new@e2e4online.ru UID: 346726108 GID: 100 Account disabled: False Password: True Member of groups: ipausers, users Indirect Member of group: jira_users, grafana_users, asterisk_users, perspectiva_rdp, bamboo_users, nexus_users, bitbucket_users, moodle_users, harbor_users, inkass_rdp, desktop, confluence_users, jenkins_users, maven_users, ivideon_users, chat_users, mail_users, nextcloud_users Indirect Member of HBAC rule: login_users Kerberos keys available: True
ipa user-status new ----------------------- Account disabled: False ----------------------- Server: ipareplica1.opentech.local Failed logins: 0 Last successful authentication: N/A Last failed authentication: N/A Time now: 2021-01-12T06:58:47Z
Server: ipareplica2.opentech.local Failed logins: 0 Last successful authentication: N/A Last failed authentication: N/A Time now: 2021-01-12T06:58:47Z
Server: ipa.opentech.local Failed logins: 0 Last successful authentication: N/A Last failed authentication: N/A Time now: 2021-01-12T06:58:47Z ---------------------------- Number of entries returned 3 ----------------------------
ipa -vv passwd ipa: INFO: trying https://ipa.opentech.local/ipa/session/json ipa: INFO: Request: { "id": 0, "method": "ping", "params": [ [], {} ] } ipa: INFO: Response: { "error": null, "id": 0, "principal": "new@OPENTECH.LOCAL", "result": { "messages": [ { "code": 13001, "data": { "server_version": "2.231" }, "message": "API Version number was not sent, forward compatibility not guaranteed. Assuming server's API version, 2.231", "name": "VersionMissing", "type": "warning" } ], "summary": "IPA server version 4.6.6. API version 2.231" }, "version": "4.6.6" } ipa: INFO: [try 1]: Forwarding 'command_defaults/1' to json server 'https://ipa.opentech.local/ipa/session/json' ipa: INFO: Request: { "id": 0, "method": "command_defaults/1", "params": [ [ "passwd/1" ], { "kw": null, "params": [ "principal" ], "version": "2.231" } ] } ipa: INFO: Response: { "error": null, "id": 0, "principal": "new@OPENTECH.LOCAL", "result": { "result": { "principal": "new@OPENTECH.LOCAL" } }, "version": "4.6.6" } ipa: INFO: [try 1]: Forwarding 'command_defaults/1' to json server 'https://ipa.opentech.local/ipa/session/json' ipa: INFO: Request: { "id": 0, "method": "command_defaults/1", "params": [ [ "passwd/1" ], { "kw": { "principal": "new@OPENTECH.LOCAL" }, "params": [ "current_password" ], "version": "2.231" } ] } ipa: INFO: Response: { "error": null, "id": 0, "principal": "new@OPENTECH.LOCAL", "result": { "result": {} }, "version": "4.6.6" } Current Password: New Password: Enter New Password again to verify: ipa: INFO: [try 1]: Forwarding 'command_defaults/1' to json server 'https://ipa.opentech.local/ipa/session/json' ipa: INFO: Request: { "id": 0, "method": "command_defaults/1", "params": [ [ "passwd/1" ], { "kw": null, "params": [ "principal" ], "version": "2.231" } ] } ipa: INFO: Response: { "error": null, "id": 0, "principal": "new@OPENTECH.LOCAL", "result": { "result": { "principal": "new@OPENTECH.LOCAL" } }, "version": "4.6.6" } ipa: INFO: [try 1]: Forwarding 'passwd/1' to json server 'https://ipa.opentech.local/ipa/session/json' ipa: INFO: Request: { "id": 0, "method": "passwd/1", "params": [ [], { "current_password": "test", "password": "123", "version": "2.231" } ] } ipa: INFO: Response: { "error": { "code": 2100, "data": { "info": "Insufficient access rights" }, "message": "Insufficient access: Insufficient access rights", "name": "ACIError" }, "id": 0, "principal": "new@OPENTECH.LOCAL", "result": null, "version": "4.6.6" } ipa: ERROR: Insufficient access: Insufficient access rights
freeipa-users@lists.fedorahosted.org
-
Kiselev Mikhail -
Mikhail Kiselev
-
Rob Crittenden