Discussion:
[ovirt-users] IPA-auth: user password expired
Demeter Tibor
2014-11-19 16:46:32 UTC
Permalink
Hi,

I have an IPA server 3.0 on centos 6.6.
I successfully attached to my ovirt cluster.
I can see the users on ovirt user tab, but after auth I always get this error:

Cannot Login. User Password has expired. Use the following URL to change the password: (nothing)

I have try out with different long passwords and different users, but it's same.

Is this version compatible with ovirt 3.5?

What did I wrong?

Thanks in advance,
Tibor
Alon Bar-Lev
2014-11-19 16:55:04 UTC
Permalink
----- Original Message -----
Sent: Wednesday, November 19, 2014 6:46:32 PM
Subject: [ovirt-users] IPA-auth: user password expired
Hi,
I have an IPA server 3.0 on centos 6.6.
I successfully attached to my ovirt cluster.
Cannot Login. User Password has expired. Use the following URL to change the
password: (nothing)
I have try out with different long passwords and different users, but it's same.
Is this version compatible with ovirt 3.5?
What did I wrong?
Logs will be nice /var/log/ovirt-engine/engine.log.
Also testing the new ovirt-engine-extension-aaa-ldap provider from 3.5 snapshots repo will be nice[1]

[1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD
Ekin Meroğlu
2014-11-19 17:32:12 UTC
Permalink
Hi Tibor,
Post by Demeter Tibor
Hi,
I have an IPA server 3.0 on centos 6.6.
I successfully attached to my ovirt cluster.
Cannot Login. User Password has expired. Use the following URL to change
the password: (nothing)
I have try out with different long passwords and different users, but it's same.
​Did you try accessing a regular linux client with the same account? In
IPA, new user passwords are always set as expired by design - please see
[1].

To test this, you can try to login a client. If it is really expired,
system will ask you to provide a new password. After this, you'll be able
to login RHEVM with the new password you've just set.

​[1]
http://www.freeipa.org/page/New_Passwords_Expired​

Regards,
--
Ekin
Demeter Tibor
2014-11-19 18:38:55 UTC
Permalink
Hi,

I don't have linux client.
Can I change password without this?

Thanks,

Tibor

----- Eredeti ÃŒzenet -----
Post by Ekin Meroğlu
Hi Tibor,
Post by Demeter Tibor
Hi,
I have an IPA server 3.0 on centos 6.6.
I successfully attached to my ovirt cluster.
Cannot Login. User Password has expired. Use the following URL to change
the
password: (nothing)
I have try out with different long passwords and different users, but it's same.
​Did you try accessing a regular linux client with the same account? In IPA,
new user passwords are always set as expired by design - please see [1].
To test this, you can try to login a client. If it is really expired, system
will ask you to provide a new password. After this, you'll be able to login
RHEVM with the new password you've just set.
​[1]
http://www.freeipa.org/page/New_Passwords_Expired ​
Regards,
--
Ekin
Ekin Meroğlu
2014-11-19 18:50:34 UTC
Permalink
Hi,

An ldappasswd command would change it without setting as expired. It will
prompt twice for the account password you'll set, and the password for the
directory manager once:

$ ldappasswd -ZZ -D 'cn=directory manager' -W -S
uid=USERNAME,cn=users,cn=accounts,dc=example,dc=org -H ldap://
ipaserver.example.org

You'll need to set the username (USERNAME) domain (example.org) and server
FQDN accordingly.

Hope this helps,
Post by Demeter Tibor
Hi,
I don't have linux client.
Can I change password without this?
Thanks,
Tibor
------------------------------
Hi Tibor,
Post by Demeter Tibor
Hi,
I have an IPA server 3.0 on centos 6.6.
I successfully attached to my ovirt cluster.
Cannot Login. User Password has expired. Use the following URL to change
the password: (nothing)
I have try out with different long passwords and different users, but it's same.
​Did you try accessing a regular linux client with the same account? In
IPA, new user passwords are always set as expired by design - please see
[1].
To test this, you can try to login a client. If it is really expired,
system will ask you to provide a new password. After this, you'll be able
to login RHEVM with the new password you've just set.
​[1]
http://www.freeipa.org/page/New_Passwords_Expired​
Regards,
--
Ekin
--
Ekin Meroğlu *Red Hat Certified Datacenter Specialist*
*linuxera* ÖzgÃŒr Yazılım ÇözÃŒm ve Hizmetleri
*T* +90 (850) 22 LINUX *GSM* +90 (532) 137 77 04
Demeter Tibor
2014-11-20 08:11:06 UTC
Permalink
Hi,

Thank you, that's worked!

Bye

Tibor

----- Eredeti ÃŒzenet -----
Post by Ekin Meroğlu
Hi,
An ldappasswd command would change it without setting as expired. It will
prompt twice for the account password you'll set, and the password for the
$ ldappasswd -ZZ -D 'cn=directory manager' -W -S
uid=USERNAME,cn=users,cn=accounts,dc=example,dc=org -H ldap://
ipaserver.example.org
You'll need to set the username (USERNAME) domain ( example.org ) and server
FQDN accordingly.
Hope this helps,
Post by Demeter Tibor
Hi,
I don't have linux client.
Can I change password without this?
Thanks,
Tibor
Post by Ekin Meroğlu
Hi Tibor,
Post by Demeter Tibor
Hi,
I have an IPA server 3.0 on centos 6.6.
I successfully attached to my ovirt cluster.
Cannot Login. User Password has expired. Use the following URL to change
the
password: (nothing)
I have try out with different long passwords and different users, but
it's
same.
​Did you try accessing a regular linux client with the same account? In IPA,
new user passwords are always set as expired by design - please see [1].
To test this, you can try to login a client. If it is really expired, system
will ask you to provide a new password. After this, you'll be able to login
RHEVM with the new password you've just set.
​[1]
http://www.freeipa.org/page/New_Passwords_Expired ​
Regards,
--
Ekin
--
Ekin Meroğlu Red Hat Certified Datacenter Specialist
linuxera ÖzgÃŒr Yazılım ÇözÃŒm ve Hizmetleri
T +90 (850) 22 LINUX GSM +90 (532) 137 77 04
Loading...