------=_Part_6727133_325728685.1416415592421 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hi, I have an IPA server 3.0 on centos 6.6. I successfully attached to my ovirt cluster. I can see the users on ovirt user tab, but after auth I always get this error: Cannot Login. User Password has expired. Use the following URL to change the password: (nothing) I have try out with different long passwords and different users, but it's same. Is this version compatible with ovirt 3.5? What did I wrong? Thanks in advance, Tibor ------=_Part_6727133_325728685.1416415592421 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: times new roman, new york, times, se= rif; font-size: 12pt; color: #000000"><div>Hi,</div><div><br></div><div>I h= ave an IPA server 3.0 on centos 6.6.</div><div>I successfully attached to m= y ovirt cluster. </div><div>I can see the users on ovirt user tab, but= after auth I always get this error:</div><div><span aria-hidden=3D"false" = class=3D"label label-default GLGRQ1ODHEC temp-link-color"><br></span></div>= <div><span aria-hidden=3D"false" class=3D"label label-default GLGRQ1ODHEC t= emp-link-color">Cannot Login. User Password has expired. Use the following = URL to change the password: (nothing)</span></div><div><span aria-hidden=3D= "false" class=3D"label label-default GLGRQ1ODHEC temp-link-color"><br></spa= n></div><div><span aria-hidden=3D"false" class=3D"label label-default GLGRQ= 1ODHEC temp-link-color">I have try out with different long passwords and di= fferent users, but it's same.</span></div><div><span aria-hidden=3D"false" = class=3D"label label-default GLGRQ1ODHEC temp-link-color"><br>Is this versi= on compatible with ovirt 3.5?</span></div><div><br></div><div>What did I wr= ong?</div><div><br></div><div>Thanks in advance,</div><div>Tibor</div></div=
</body></html> ------=_Part_6727133_325728685.1416415592421--
----- Original Message -----
From: "Demeter Tibor" <tdemeter@itsmart.hu> To: "users@ovirt.org List" <users@ovirt.org> Sent: Wednesday, November 19, 2014 6:46:32 PM Subject: [ovirt-users] IPA-auth: user password expired
Hi,
I have an IPA server 3.0 on centos 6.6. I successfully attached to my ovirt cluster. I can see the users on ovirt user tab, but after auth I always get this error:
Cannot Login. User Password has expired. Use the following URL to change the password: (nothing)
I have try out with different long passwords and different users, but it's same.
Is this version compatible with ovirt 3.5?
What did I wrong?
Logs will be nice /var/log/ovirt-engine/engine.log. Also testing the new ovirt-engine-extension-aaa-ldap provider from 3.5 snapshots repo will be nice[1] [1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
Hi Tibor, On Wed, Nov 19, 2014 at 6:46 PM, Demeter Tibor <tdemeter@itsmart.hu> wrote:
Hi,
I have an IPA server 3.0 on centos 6.6. I successfully attached to my ovirt cluster. I can see the users on ovirt user tab, but after auth I always get this error:
Cannot Login. User Password has expired. Use the following URL to change the password: (nothing)
I have try out with different long passwords and different users, but it's same.
Did you try accessing a regular linux client with the same account? In IPA, new user passwords are always set as expired by design - please see [1]. To test this, you can try to login a client. If it is really expired, system will ask you to provide a new password. After this, you'll be able to login RHEVM with the new password you've just set. [1] http://www.freeipa.org/page/New_Passwords_Expired Regards, -- Ekin
------=_Part_6733633_1982062574.1416422335899 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi,=20 I don't have linux client.=20 Can I change password without this?=20 Thanks,=20 Tibor=20 ----- Eredeti =C3=BCzenet -----
Hi Tibor,
On Wed, Nov 19, 2014 at 6:46 PM, Demeter Tibor < tdemeter@itsmart.hu > wr= ote:
Hi, =20
I have an IPA server 3.0 on centos 6.6. =20 I successfully attached to my ovirt cluster. =20 I can see the users on ovirt user tab, but after auth I always get this error: =20
Cannot Login. User Password has expired. Use the following URL to chang= e the password: (nothing) =20
I have try out with different long passwords and different users, but i= t's same. =20
=E2=80=8BDid you try accessing a regular linux client with the same accou= nt? In IPA, new user passwords are always set as expired by design - please see [1].
To test this, you can try to login a client. If it is really expired, sys= tem will ask you to provide a new password. After this, you'll be able to log= in RHEVM with the new password you've just set.
=E2=80=8B[1] http://www.freeipa.org/page/New_Passwords_Expired =E2=80=8B
Regards, -- Ekin
I don't have linux client.</div><div>Can I change password without this?</=
<div>I can see the users on ovirt user tab, but after auth I always get th= is error:</div><div><span><br></span></div><div><span>Cannot Login. User Pa= ssword has expired. Use the following URL to change the password: (nothing)= </span></div><div><span><br></span></div><div><span>I have try out with dif= ferent long passwords and different users, but it's same.</span></div></div= </blockquote><div><br></div><div><div class=3D"gmail_default" style=3D"fon= t-family:tahoma,sans-serif;font-size:small;display:inline">=E2=80=8BDid you=
------=_Part_6733633_1982062574.1416422335899 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: times new roman, new york, times, se= rif; font-size: 12pt; color: #000000"><div>Hi,<br></div><div><br></div><div= div><div><br></div><div>Thanks,</div><div><br>Tibor</div><div><br></div><hr= id=3D"zwchr"><blockquote style=3D"border-left:2px solid #1010FF;margin-lef= t:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text= -decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><d= iv dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:tahoma,san= s-serif;font-size:small">Hi Tibor,</div><div class=3D"gmail_extra"><br><div= class=3D"gmail_quote">On Wed, Nov 19, 2014 at 6:46 PM, Demeter Tibor <span= dir=3D"ltr"><<a href=3D"mailto:tdemeter@itsmart.hu" target=3D"_blank">t= demeter@itsmart.hu</a>></span> wrote:<br><blockquote class=3D"gmail_quot= e" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-colo= r:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div style=3D"= font-family:'times new roman','new york',times,serif;font-size:12pt;color:r= gb(0,0,0)"><div>Hi,</div><div><br></div><div>I have an IPA server 3.0 on ce= ntos 6.6.</div><div>I successfully attached to my ovirt cluster. </div= try accessing a regular linux client with the same account? In IPA, new us= er passwords are always set as expired by design - please see [1].&nb= sp;</div></div><div><div class=3D"gmail_default" style=3D"font-family:tahom= a,sans-serif;font-size:small;display:inline"><br></div></div><div><div clas= s=3D"gmail_default" style=3D"font-family:tahoma,sans-serif;font-size:small;= display:inline">To test this, you can try to login a client. If it is reall= y expired, system will ask you to provide a new password. After this, you'l= l be able to login RHEVM with the new password you've just set.</div>= </div><div><br></div><div class=3D"gmail_default" style=3D"font-family:taho= ma,sans-serif;font-size:small">=E2=80=8B[1] </div><div class=3D"gmail_= default" style=3D"font-family:tahoma,sans-serif;font-size:small"><a href=3D= "http://www.freeipa.org/page/New_Passwords_Expired" target=3D"_blank">http:= //www.freeipa.org/page/New_Passwords_Expired</a>=E2=80=8B</div><div class= =3D"gmail_default" style=3D"font-family:tahoma,sans-serif;font-size:small">= <br></div><div class=3D"gmail_default" style=3D"font-family:tahoma,sans-ser= if;font-size:small">Regards,</div><div class=3D"gmail_default" style=3D"fon= t-family:tahoma,sans-serif;font-size:small">--</div><div class=3D"gmail_def= ault" style=3D"font-family:tahoma,sans-serif;font-size:small">Ekin</div></d= iv> </div></div> </blockquote><div><br></div></div></body></html> ------=_Part_6733633_1982062574.1416422335899--
Hi, An ldappasswd command would change it without setting as expired. It will prompt twice for the account password you'll set, and the password for the directory manager once: $ ldappasswd -ZZ -D 'cn=directory manager' -W -S uid=USERNAME,cn=users,cn=accounts,dc=example,dc=org -H ldap:// ipaserver.example.org You'll need to set the username (USERNAME) domain (example.org) and server FQDN accordingly. Hope this helps, On Wed, Nov 19, 2014 at 8:38 PM, Demeter Tibor <tdemeter@itsmart.hu> wrote:
Hi,
I don't have linux client. Can I change password without this?
Thanks,
Tibor
------------------------------
Hi Tibor,
On Wed, Nov 19, 2014 at 6:46 PM, Demeter Tibor <tdemeter@itsmart.hu> wrote:
Hi,
I have an IPA server 3.0 on centos 6.6. I successfully attached to my ovirt cluster. I can see the users on ovirt user tab, but after auth I always get this error:
Cannot Login. User Password has expired. Use the following URL to change the password: (nothing)
I have try out with different long passwords and different users, but it's same.
Did you try accessing a regular linux client with the same account? In IPA, new user passwords are always set as expired by design - please see [1].
To test this, you can try to login a client. If it is really expired, system will ask you to provide a new password. After this, you'll be able to login RHEVM with the new password you've just set.
[1] http://www.freeipa.org/page/New_Passwords_Expired
Regards, -- Ekin
-- Ekin Meroğlu *Red Hat Certified Datacenter Specialist* *linuxera* Özgür Yazılım Çözüm ve Hizmetleri *T* +90 (850) 22 LINUX *GSM* +90 (532) 137 77 04
------=_Part_6830391_1351976731.1416471066743 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi,=20 Thank you, that's worked!=20 Bye=20 Tibor=20 ----- Eredeti =C3=BCzenet -----
Hi,
An ldappasswd command would change it without setting as expired. It will prompt twice for the account password you'll set, and the password for th= e directory manager once:
$ ldappasswd -ZZ -D 'cn=3Ddirectory manager' -W -S uid=3DUSERNAME,cn=3Dusers,cn=3Daccounts,dc=3Dexample,dc=3Dorg -H ldap:// ipaserver.example.org
You'll need to set the username (USERNAME) domain ( example.org ) and ser= ver FQDN accordingly.
Hope this helps,
On Wed, Nov 19, 2014 at 8:38 PM, Demeter Tibor < tdemeter@itsmart.hu > wr= ote:
Hi, =20
I don't have linux client. =20 Can I change password without this? =20
Thanks, =20
Tibor =20
Hi Tibor, =20 =20
On Wed, Nov 19, 2014 at 6:46 PM, Demeter Tibor < tdemeter@itsmart.hu =
wrote: =20 =20
Hi, =20 =20 =20
I have an IPA server 3.0 on centos 6.6. =20 =20 =20 I successfully attached to my ovirt cluster. =20 =20 =20 I can see the users on ovirt user tab, but after auth I always get = this error: =20 =20 =20
Cannot Login. User Password has expired. Use the following URL to change the password: (nothing) =20 =20 =20
I have try out with different long passwords and different users, b= ut it's same. =20 =20 =20
=E2=80=8BDid you try accessing a regular linux client with the same a= ccount? In IPA, new user passwords are always set as expired by design - please see [= 1]. =20 =20
To test this, you can try to login a client. If it is really expired, system will ask you to provide a new password. After this, you'll be able to login RHEVM with the new password you've just set. =20 =20
=E2=80=8B[1] =20 =20 http://www.freeipa.org/page/New_Passwords_Expired =E2=80=8B =20 =20
Regards, =20 =20 -- =20 =20 Ekin =20 =20
-- Ekin Mero=C4=9Flu Red Hat Certified Datacenter Specialist linuxera =C3=96zg=C3=BCr Yaz=C4=B1l=C4=B1m =C3=87=C3=B6z=C3=BCm ve Hizmet= leri T +90 (850) 22 LINUX GSM +90 (532) 137 77 04
Tibor</div><div><br></div><hr><div><div class=3D"h5"><blockquote style=3D"= border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;f= ont-weight:normal;font-style:normal;text-decoration:none;font-family:Helvet= ica,Arial,sans-serif;font-size:12pt"><div dir=3D"ltr"><div class=3D"gmail_d= efault" style=3D"font-family:tahoma,sans-serif;font-size:small">Hi Tibor,</=
</div><div><span>Cannot Login. User Password has expired. Use the followin= g URL to change the password: (nothing)</span></div><div><span><br></span><= /div><div><span>I have try out with different long passwords and different = users, but it's same.</span></div></div></blockquote><div><br></div><div><d= iv class=3D"gmail_default" style=3D"font-family:tahoma,sans-serif;font-size= :small;display:inline">=E2=80=8BDid you try accessing a regular linux clien= t with the same account? In IPA, new user passwords are always set as expir= ed by design - please see [1]. </div></div><div><div class=3D"gm= ail_default" style=3D"font-family:tahoma,sans-serif;font-size:small;display= :inline"><br></div></div><div><div class=3D"gmail_default" style=3D"font-fa= mily:tahoma,sans-serif;font-size:small;display:inline">To test this, you ca= n try to login a client. If it is really expired, system will ask you to pr= ovide a new password. After this, you'll be able to login RHEVM with =
------=_Part_6830391_1351976731.1416471066743 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: times new roman, new york, times, se= rif; font-size: 12pt; color: #000000"><div>Hi,</div><div><br></div><div>Tha= nk you, that's worked!</div><div><br></div><div>Bye</div><div><br></div><di= v>Tibor</div><div><br></div><div><br></div><hr id=3D"zwchr"><blockquote sty= le=3D"border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:= #000;font-weight:normal;font-style:normal;text-decoration:none;font-family:= Helvetica,Arial,sans-serif;font-size:12pt;"><div dir=3D"ltr"><div class=3D"= gmail_default" style=3D"font-family:tahoma,sans-serif;font-size:small">Hi,<= /div><div class=3D"gmail_default" style=3D"font-family:tahoma,sans-serif;fo= nt-size:small"><br></div><div class=3D"gmail_default" style=3D"font-family:= tahoma,sans-serif;font-size:small">An ldappasswd command would change it wi= thout setting as expired. It will prompt twice for the account password you= 'll set, and the password for the directory manager once:</div><div c= lass=3D"gmail_default" style=3D"font-family:tahoma,sans-serif;font-size:sma= ll"><br></div><div class=3D"gmail_default" style=3D""><span face=3D"monospa= ce" data-mce-style=3D"font-family: monospace;" style=3D"font-family: monosp= ace;">$ ldappasswd -ZZ -D 'cn=3Ddirectory manager' -W -S uid=3DUSERNAME,cn= =3Dusers,cn=3Daccounts,dc=3Dexample,dc=3Dorg -H ldap://<a href=3D"http://ip= aserver.example.org" target=3D"_blank">ipaserver.example.org</a></span><br>= </div><div class=3D"gmail_default" style=3D""><span face=3D"tahoma, sans-se= rif" data-mce-style=3D"font-family: tahoma, sans-serif;" style=3D"font-fami= ly: tahoma, sans-serif;"><br></span></div><div class=3D"gmail_default" styl= e=3D""><span face=3D"tahoma, sans-serif" data-mce-style=3D"font-family: tah= oma, sans-serif;" style=3D"font-family: tahoma, sans-serif;">You'll need to= set the username (USERNAME) domain (<a href=3D"http://example.org" target= =3D"_blank">example.org</a>) and server FQDN accordingly.</span></div><div = class=3D"gmail_default" style=3D""><span face=3D"tahoma, sans-serif" data-m= ce-style=3D"font-family: tahoma, sans-serif;" style=3D"font-family: tahoma,= sans-serif;"><br></span></div><div class=3D"gmail_default" style=3D""><spa= n face=3D"tahoma, sans-serif" data-mce-style=3D"font-family: tahoma, sans-s= erif;" style=3D"font-family: tahoma, sans-serif;">Hope this helps,</span></= div></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Wed,= Nov 19, 2014 at 8:38 PM, Demeter Tibor <span dir=3D"ltr"><<a href=3D"ma= ilto:tdemeter@itsmart.hu" target=3D"_blank">tdemeter@itsmart.hu</a>></sp= an> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;= border-left:1px #ccc solid;padding-left:1ex"><div><div style=3D"font-family= :times new roman,new york,times,serif;font-size:12pt;color:#000000"><div>Hi= ,<br></div><div><br></div><div>I don't have linux client.</div><div>Can I c= hange password without this?</div><div><br></div><div>Thanks,</div><div><br= div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Wed, Nov 1= 9, 2014 at 6:46 PM, Demeter Tibor <span dir=3D"ltr"><<a href=3D"mailto:t= demeter@itsmart.hu" target=3D"_blank">tdemeter@itsmart.hu</a>></span> wr= ote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex= ;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style= :solid;padding-left:1ex"><div style=3D"font-family:'times new roman','new y= ork',times,serif;font-size:12pt;color:rgb(0,0,0)"><div>Hi,</div><div><br></= div><div>I have an IPA server 3.0 on centos 6.6.</div><div>I successfully a= ttached to my ovirt cluster. </div><div>I can see the users on ovirt u= ser tab, but after auth I always get this error:</div><div><span><br></span= the new password you've just set.</div></div><div><br></div><div class=3D"g= mail_default" style=3D"font-family:tahoma,sans-serif;font-size:small">=E2= =80=8B[1] </div><div class=3D"gmail_default" style=3D"font-family:taho= ma,sans-serif;font-size:small"><a href=3D"http://www.freeipa.org/page/New_P= asswords_Expired" target=3D"_blank">http://www.freeipa.org/page/New_Passwor= ds_Expired</a>=E2=80=8B</div><div class=3D"gmail_default" style=3D"font-fam= ily:tahoma,sans-serif;font-size:small"><br></div><div class=3D"gmail_defaul= t" style=3D"font-family:tahoma,sans-serif;font-size:small">Regards,</div><d= iv class=3D"gmail_default" style=3D"font-family:tahoma,sans-serif;font-size= :small">--</div><div class=3D"gmail_default" style=3D"font-family:tahoma,sa= ns-serif;font-size:small">Ekin</div></div> </div></div> </blockquote><div><br></div></div></div></div></div></blockquote></div><br>= <br clear=3D"all"><div><br></div>-- <br><div class=3D"gmail_signature"><div= dir=3D"ltr"><span><span face=3D"tahoma, sans-serif" data-mce-style=3D"font= -family: tahoma, sans-serif;" style=3D"font-family: tahoma, sans-serif;">Ek= in Mero=C4=9Flu </span><span face=3D"tahoma, sans-serif" data-mce-style=3D"= font-family: tahoma, sans-serif;" style=3D"font-family: tahoma, sans-serif;= "><i>Red Hat Certified Datacenter Specialist</i><br><b>linuxera</b> =C3=96z= g=C3=BCr Yaz=C4=B1l=C4=B1m =C3=87=C3=B6z=C3=BCm ve Hizmetleri<br><b>T</b> += 90 (850) 22 LINUX <b>GSM</b> +90 (532) 137 77 04</span></span></div></div> </div> </blockquote><div><br></div></div></body></html> ------=_Part_6830391_1351976731.1416471066743--
participants (3)
-
Alon Bar-Lev -
Demeter Tibor -
Ekin Meroğlu