#1615 IPA client cannot change AD Trusted User password
Closed: Fixed None Opened 6 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=870238 (Red Hat Enterprise Linux 6)

Description of problem:

I can't seem to change an AD Trusted User's Password from an IPA client.  If I
setup a trust on IPA env to AD domain, I would expect to be able to change

Version-Release number of selected component (if applicable):
[root@rhel6-1 ~]# rpm -q ipa-server-trust-ad
[root@rhel6-1 ~]# rpm -q ipa-server

-sh-4.1$ passwd
Changing password for user adtestuser5@adtestdom.com.
Current Password:
passwd: Authentication token manipulation error

-sh-4.1$ exit
Connection to rhel6-1.testrelm.com closed.

[root@rhel6-1 ~]# tail -3 /var/log/secure
Oct 25 17:22:28 rhel6-1 passwd: pam_unix(passwd:chauthtok): user
"adtestuser5@adtestdom.com" does not exist in /etc/passwd
Oct 25 17:22:32 rhel6-1 passwd: pam_sss(passwd:chauthtok): Authentication
failed for user adtestuser5@adtestdom.com: 4 (System error)
Oct 25 17:23:36 rhel6-1 sshd[11248]: pam_unix(sshd:session): session closed for
user adtestuser5@adtestdom.com

[root@rhel6-1 ~]# kinit Administrator@ADTESTDOM.COM
Password for Administrator@ADTESTDOM.COM:

[root@rhel6-1 ~]# passwd adtestuser5@adtestdom.com
Changing password for user adtestuser5@adtestdom.com.
passwd: Authentication token manipulation error

[root@rhel6-1 ~]# passwd adtestuser5@ADTESTDOM.COM
Changing password for user adtestuser5@ADTESTDOM.COM.
passwd: Authentication token manipulation error

How reproducible:
always as far as I can tell.

Steps to Reproduce:
1.  Setup IPA Master
2.  Setup AD Server
3.  Setup trust with ipa-adtrust-install; ipa trust-add
4.  Log in as AD user on IPA client (can be master)
5.  run passwd to try to change the user's password.

Actual results:
password change fails

Expected results:
password change succeeds.

Additional info:

Fields changed

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => sbose
status: new => assigned
testsupdated: => 0

Fields changed

patch: 0 => 1

Fields changed

milestone: SSSD 1.9.4 => SSSD 1.9.3

Fixed in master:
- 9459006
- ba098f8
- 6ef6612
and sssd-1-9:
- 0d20b3f
- 8fd7d4b
- cfed272
- d2386d8

resolution: => fixed
status: assigned => closed

Metadata Update from @dpal:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.9.3

2 years ago

Login to comment on this ticket.