#1615 IPA client cannot change AD Trusted User password
Closed: Fixed None Opened 7 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=870238 (Red Hat Enterprise Linux 6)

Description of problem:

I can't seem to change an AD Trusted User's Password from an IPA client.  If I
setup a trust on IPA env to AD domain, I would expect to be able to change
passwords.

Version-Release number of selected component (if applicable):
[root@rhel6-1 ~]# rpm -q ipa-server-trust-ad
ipa-server-trust-ad-3.0.0-105.20121019T0244zgita5684b0.el6.x86_64
[root@rhel6-1 ~]# rpm -q ipa-server
ipa-server-3.0.0-105.20121019T0244zgita5684b0.el6.x86_64

-sh-4.1$ passwd
Changing password for user adtestuser5@adtestdom.com.
Current Password:
passwd: Authentication token manipulation error

-sh-4.1$ exit
logout
Connection to rhel6-1.testrelm.com closed.

[root@rhel6-1 ~]# tail -3 /var/log/secure
Oct 25 17:22:28 rhel6-1 passwd: pam_unix(passwd:chauthtok): user
"adtestuser5@adtestdom.com" does not exist in /etc/passwd
Oct 25 17:22:32 rhel6-1 passwd: pam_sss(passwd:chauthtok): Authentication
failed for user adtestuser5@adtestdom.com: 4 (System error)
Oct 25 17:23:36 rhel6-1 sshd[11248]: pam_unix(sshd:session): session closed for
user adtestuser5@adtestdom.com

[root@rhel6-1 ~]# kinit Administrator@ADTESTDOM.COM
Password for Administrator@ADTESTDOM.COM:

[root@rhel6-1 ~]# passwd adtestuser5@adtestdom.com
Changing password for user adtestuser5@adtestdom.com.
passwd: Authentication token manipulation error

[root@rhel6-1 ~]# passwd adtestuser5@ADTESTDOM.COM
Changing password for user adtestuser5@ADTESTDOM.COM.
passwd: Authentication token manipulation error

How reproducible:
always as far as I can tell.

Steps to Reproduce:
1.  Setup IPA Master
2.  Setup AD Server
3.  Setup trust with ipa-adtrust-install; ipa trust-add
4.  Log in as AD user on IPA client (can be master)
5.  run passwd to try to change the user's password.

Actual results:
password change fails

Expected results:
password change succeeds.

Additional info:

Fields changed

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => sbose
status: new => assigned
testsupdated: => 0

Fields changed

patch: 0 => 1

Fields changed

milestone: SSSD 1.9.4 => SSSD 1.9.3

Fixed in master:
- 9459006
- ba098f8
- 6ef6612
and sssd-1-9:
- 0d20b3f
- 8fd7d4b
- cfed272
- d2386d8

resolution: => fixed
status: assigned => closed

Metadata Update from @dpal:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.9.3

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2657

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata