This repository has been archived by the owner on Jan 10, 2021. It is now read-only.

IPA Server Port 464 not enabled for KPASSWD Reset #5

Open
thejandg opened this issue Aug 3, 2020 · 1 comment
thejandg commented Aug 3, 2020

When getting a ticket from the KDC using a user account with an expired password, the user will be prompted to reset the password via the kpasswd protocol, which communicates via port 464.
The IPA Server does not have that port permitted, causing the password change to fail.
The user will not be able to log in.

Reproduce Issue
Install the 4 Virtual Machines from the repository. Ensure the IPA Server and client machine are up.
Set the System1 IP address to 192.168.55.21/24 and set it to use LDAP + Kerberos authentication against ipa.test.example.com.
(Base DN: dc=test,dc=example,dc=com | Kerberos Realm: TEST.EXAMPLE.COM)
Log in as user lisa and request a ticket via kinit.
You should be prompted to reset the password and then see an "unsuccessful in contacting any KDC" error message.

Below is a pcap file recorded on the IPA Server and a screenshot of the output.
attachment.zip
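
A check for the condition reported above, as an added example that is not part of the original issue or the repository's own code. It assumes the IPA server's firewall is firewalld and parses `firewall-cmd --list-all` output for port 464; the function name and the sample zone listings are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report which kpasswd transports (464/tcp, 464/udp) a
# firewalld zone does not permit. Only the "kpasswd" service name and
# explicit port entries are recognised; rich rules are not inspected.

# Constructed sample: Kerberos (88) is allowed, kpasswd (464) is not.
SAMPLE_BLOCKED='public (active)
  target: default
  services: dns kerberos ldap ldaps ssh
  ports: 8080/tcp
  protocols:'

# Constructed sample: kpasswd allowed through the firewalld service name.
SAMPLE_SERVICE='public (active)
  services: dns kerberos kpasswd ldap ldaps ssh
  ports:'

# Constructed sample: only TCP allowed, through an explicit port range.
SAMPLE_PARTIAL='public (active)
  services: kerberos ssh
  ports: 460-470/tcp'

# Reads a zone listing on stdin and prints the missing transports,
# space-separated. Empty output means both 464/tcp and 464/udp are allowed.
missing_kpasswd() {
  awk '
    $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == "kpasswd") tcp = udp = 1 }
    $1 == "ports:" {
      for (i = 2; i <= NF; i++) {
        split($i, pp, "/"); n = split(pp[1], r, "-")
        lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
        if (lo <= 464 && 464 <= hi) { if (pp[2] == "tcp") tcp = 1; if (pp[2] == "udp") udp = 1 }
      }
    }
    END {
      out = ""
      if (!tcp) out = "464/tcp"
      if (!udp) out = out (out == "" ? "" : " ") "464/udp"
      print out
    }'
}

# Live use on the server, only when asked for with --live:
if [ "${1:-}" = "--live" ] && command -v firewall-cmd >/dev/null 2>&1; then
  missing=$(firewall-cmd --list-all | missing_kpasswd)
  [ -z "$missing" ] && echo "kpasswd permitted" || echo "blocked: $missing"
  # One way to permit it under firewalld:
  #   firewall-cmd --permanent --add-service=kpasswd && firewall-cmd --reload
fi
```
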

@rdbreak rdbreak self-assigned this Sep 13, 2020
@rdbreak rdbreak added the enhancement New feature or request label Sep 13, 2020
Owner

rdbreak commented Sep 15, 2020

Would you mind creating a pull request for this change?
