Aloha Guys, I’ve got a strange problem. I’ve setup my thinclients to authenticate against my Active Directory using kerberos. So far so good. Users can logon to my thinclients running IGEL OS. But when a user tries to logon with a account which has “user must change password on next logon” enabled it fails. The user cannot logon. Our local IGEL tech guy here in the Netherlands tested the same thing is his LAB, and he gets a nice “change password” box. Has anyone seen this behaviour?
Aloha! Yes, a couple of times but it’s difficult to debug such a complex topic without beeing onsite.
Can you give some more informations like: Firmware, AD Type / Version, the type of failure?
You could use a terminal session (Accessories=>Terminal) login as root, and test a few things:
kpasswd your email@example.com
enable debug mode: auth.login.krb5_debug
check the /var/log/krb5.log or dmesg | grep krb5
check also the kerberos ticket lifetime in your group policies and on profile side: technet.microsoft.com/en-us/library/jj852188(v=ws.11).aspx
Some more helpful Kerberos commands:
Display kerberos tickets
Active Directory login
thnx for the reply, after checking the debug logs, I found the problem. the client time and domain controller time were not in sync. There was a difference of 1.5 minutes, did a time sync and now its working perfectly. So thanks for pointing my in the right direction.
You are welcome! That‘s right, thought it was already checked👍
Continue reading and comment on the thread ‘IGEL OS with Active Directory using kerberos – when a user tries to logon with a account which has “user must change password on next logon” enabled it fails’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.
Submit a question, or Join Today!
Popular Message Threads
- Receiving error: “Citrix Receiver cannot create a secure connection in this browser” when launching a secure connection from Firefox on IGEL OS
- How to Install IGEL OS via a Bootable USB Drive
- How to change the default IGEL UMS admin password?
- Where to delete the certificates that cause ‘invalid certificate’ when trying to import an IGEL into UMS?
- IGEL UMS Universal Update Error: “could not resolve host name”
- Citrix connection via Netscaler Error: “AM_ERROR_AUTH_NETWORK_ERROR” on IGEL OS
- Error connecting to Citrix StoreFront “Error adding store: Http error”