---
layout: post
title: "Fedora can’t change Active Directory password via kpasswd"
date: 2013-03-05 08:55:04+00:00
tags: [fedora, kerberos, active-directory]
permalink: /blog/2013/3/5/fedora-can-t-change-active-directory-password-via-kpasswd
published: true
author:
    name: Gergely Polonkai
    email: gergely@polonkai.eu
---

I wanted to change my AD password today. As the AD is actually a Kerberos
server, I was pretty sure that `kpasswd` would do the trick. However, the
`kpasswd` output looked like this:

    $ kpasswd
    Password for polonkai.gergely@EXAMPLE.LOCAL:
    Enter new password:
    Enter it again:
    kpasswd: Cannot find KDC for requested realm changing password

I checked `kinit` and `klist`; everything looked fine. After a while it came
to my mind that password changing is done through the kadmin server, not
through the KDC. It seems that when I set up the Active Directory membership,
the `admin_server` directive did not get written to `krb5.conf`. So all I had
to do was to put

    admin_server = ad.example.local

in that file, and voilà!

    $ kpasswd
    Password for polonkai.gergely@EXAMPLE.LOCAL:
    Enter new password:
    Enter it again:
    Password changed.

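To check a host for this gap before users hit the `kpasswd` error, the following Python script (an added example, not part of the original post) parses the `[realms]` section of a `krb5.conf` and lists realms that name no password-change host. Assumptions: the sample file and the realm `OTHER.EXAMPLE` are constructed, one setting per line is assumed, and `kpasswd_server` (another MIT krb5 realm setting, not mentioned in the post) is accepted as an alternative to `admin_server`.

```python
import re

# Constructed sample: a krb5.conf as it might look after joining an AD domain,
# with a KDC listed but no password-change host for EXAMPLE.LOCAL.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.LOCAL

[realms]
    EXAMPLE.LOCAL = {
        kdc = ad.example.local
    }
    OTHER.EXAMPLE = {
        kdc = kdc.other.example
        admin_server = kadmin.other.example
    }

[domain_realm]
    .example.local = EXAMPLE.LOCAL
"""

def parse_realms(text):
    """Return {realm: {key: [values]}} for the [realms] section."""
    realms, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                           # new top-level section
            section, current = header.group(1), None
        elif section != "realms":
            continue
        elif line.startswith("}"):           # end of a realm block
            current = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value.startswith("{"):        # "REALM = {" opens a block
                current = realms.setdefault(key, {})
            elif current is not None:        # setting inside a realm block
                current.setdefault(key, []).append(value)
    return realms

def realms_without_password_server(text):
    """Realms naming neither admin_server nor kpasswd_server."""
    return sorted(realm for realm, opts in parse_realms(text).items()
                  if not ({"admin_server", "kpasswd_server"} & opts.keys()))

if __name__ == "__main__":
    for realm in realms_without_password_server(SAMPLE_KRB5_CONF):
        print(f"{realm}: no admin_server or kpasswd_server in [realms]")
```

To audit a real host, pass the contents of its `krb5.conf` to `realms_without_password_server()` instead of the sample string.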