42 lines
1.3 KiB
ReStructuredText
42 lines
1.3 KiB
ReStructuredText
|
Fedora can’t change Active Directory password via kpasswd
|
|||
|
#########################################################
|
|||
|
|
|||
|
:date: 2013-03-05T08:55:04Z
|
|||
|
:category: blog
|
|||
|
:tags: fedora,kerberos,active-directory
|
|||
|
:url: blog/2013/3/5/fedora-can-t-change-active-directory-password-via-kpasswd.html
|
|||
|
:save_as: blog/2013/3/5/fedora-can-t-change-active-directory-password-via-kpasswd.html
|
|||
|
:status: published
|
|||
|
:author: Gergely Polonkai
|
|||
|
|
|||
|
I wanted to change my AD password today. As the AD is actually a Kerberos server, I was pretty
|
|||
|
sure that ``kpasswd`` will do the trick. However, ``kpasswd`` output looked like this:
|
|||
|
|
|||
|
.. code-block:: output
|
|||
|
|
|||
|
$ kpasswd
|
|||
|
Password for polonkai.gergely@EXAMPLE.LOCAL:
|
|||
|
Enter new password:
|
|||
|
Enter it again:
|
|||
|
kpasswd: Cannot find KDC for requested realm changing password
|
|||
|
|
|||
|
I’ve checked ``kinit`` and ``klist``, everything looked fine. After a while it came
|
|||
|
to my mind that password changing is done through the kadmin server, not
|
|||
|
through the KDC. It seems that when I set up the Active Directory membership,
|
|||
|
the ``admin_server`` directive is not get written to ``krb5.conf``. So all I had to
|
|||
|
do was to put
|
|||
|
|
|||
|
.. code-block:: conf
|
|||
|
|
|||
|
admin_server = ad.example.local
|
|||
|
|
|||
|
in that file, and voilà!
|
|||
|
|
|||
|
.. code-block:: output
|
|||
|
|
|||
|
$ kpasswd
|
|||
|
Password for polonkai.gergely@EXAMPLE.LOCAL:
|
|||
|
Enter new password:
|
|||
|
Enter it again:
|
|||
|
Password changed.
|