Aloha Guys, I’ve got a strange problem. I’ve setup my thinclients to authenticate against my Active Directory using kerberos. So far so good. Users can logon to my thinclients running IGEL OS. But when a user tries to logon with a account which has “user must change password on next logon” enabled it fails. The user cannot logon. Our local IGEL tech guy here in the Netherlands tested the same thing is his LAB, and he gets a nice “change password” box. Has anyone seen this behaviour?
Aloha! Yes, a couple of times but it’s difficult to debug such a complex topic without beeing onsite.
Can you give some more informations like: Firmware, AD Type / Version, the type of failure?
You could use a terminal session (Accessories=>Terminal) login as root, and test a few things:
kpasswd your firstname.lastname@example.org
enable debug mode: auth.login.krb5_debug
check the /var/log/krb5.log or dmesg | grep krb5
check also the kerberos ticket lifetime in your group policies and on profile side: technet.microsoft.com/en-us/library/jj852188(v=ws.11).aspx
Some more helpful Kerberos commands:
Display kerberos tickets
Active Directory login
thnx for the reply, after checking the debug logs, I found the problem. the client time and domain controller time were not in sync. There was a difference of 1.5 minutes, did a time sync and now its working perfectly. So thanks for pointing my in the right direction.
You are welcome! That‘s right, thought it was already checked👍
Continue reading and comment on the thread ‘IGEL OS with Active Directory using kerberos – when a user tries to logon with a account which has “user must change password on next logon” enabled it fails’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.
Submit a question, or Join Today!
Popular Message Threads
- How to Install IGEL OS via a Bootable USB Drive
- Error “AM_ERROR_AUTH_NETWORK_ERROR ” adding store in Citrix Workspace App version 20.x on IGEL OS 11.04
- Error connecting to Citrix StoreFront “Error adding store: Http error”
- Receiving error: “Citrix Receiver cannot create a secure connection in this browser” when launching a secure connection from Firefox on IGEL OS
- How to change the default IGEL UMS admin password?
- Where to delete the certificates that cause ‘invalid certificate’ when trying to import an IGEL into UMS?
- IGEL UD3 (LX50) randomly get this error with Citrix: The X Request 130.1 caused error :”10: BadAccess ( attempt to access private resource denied) any ideas?