Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 912470
Description of problem:

After:
1. creating an AD user account with expired password (change at first login)
2. Joining AD domain with realm

I'm unable to change the password of the user:

    # ssh SECURITY\\thrix@localhost
    SECURITY\thrix@localhost's password:
    Password expired. Change your password now.
    org.freedesktop.DBus.Error.ServiceUnknown: The name com.redhat.oddjob_mkhomedir was not provided by any .service files
    Last failed login: Thu Feb 14 17:01:29 CET 2013 from localhost on ssh:notty
    There were 6 failed login attempts since the last successful login.
    Last login: Wed Feb 13 17:52:17 2013 from localhost
    WARNING: Your password has expired.
    You must change your password now and login again!
    Changing password for user SECURITY\thrix.
    Current Password:
    New password:
    Retype new password:
    Password change failed.
    passwd: Authentication token manipulation error
    Connection to localhost closed.

The secure log shows:

    Feb 18 18:31:16 dhcp-25-79 sshd[5427]: debug1: Setting controlling tty using TIOCSCTTY.
    Feb 18 18:31:16 dhcp-25-79 passwd: pam_unix(passwd:chauthtok): user "SECURITY\thrix" does not exist in /etc/passwd
    Feb 18 18:31:34 dhcp-25-79 passwd: pam_unix(passwd:chauthtok): user "SECURITY\thrix" does not exist in /etc/passwd
    Feb 18 18:31:34 dhcp-25-79 passwd: pam_sss(passwd:chauthtok): system info: [Generic error (see e-text)]
    Feb 18 18:31:34 dhcp-25-79 passwd: pam_sss(passwd:chauthtok): User info message: Password change failed.
    Feb 18 18:31:34 dhcp-25-79 passwd: pam_sss(passwd:chauthtok): Password change failed for user SECURITY\thrix: 20 (Authentication token manipulation error)
    Feb 18 18:31:36 dhcp-25-79 sshd[5426]: debug1: Received SIGCHLD.
    Feb 18 18:31:36 dhcp-25-79 sshd[5426]: debug1: session_by_pid: pid 5427

The sssd log shows (with debug_level 0xFFF0) - see attachment

Version-Release number of selected component (if applicable):
sssd-1.9.3-1.el7.x86_64
realmd-0.12-1.el7.x86_64

How reproducible: 100%

Steps to Reproduce:
1. create AD user
2. realm join your.domain
3. ssh YOUR.REALM\\user@localhost

Actual results: cannot change password

Expected results: password change OK and login successful

Additional info: Disabling SELinux has no effect on this bug
We might want to print a more useful error message after receiving the Generic Error, something like "Please make sure the password meets the complexity constraints".
This is what you get if you use alternative software:

Password does not meet complexity requirements

Your password must be at least 7 characters; cannot repeat any of your previous 24 passwords; must contain capitals, numerals or punctuation; and cannot contain your account or full name; Please type a different password. Type a password which meets these requirements in both text boxes.
milestone: NEEDS_TRIAGE => SSSD 1.11 beta
We decided that this ticket would be just about adding a simple generic message that might hint that the cause of the failure is the server password policies. The actual fix will be done later in the scope of #1837.
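Added example, not part of the ticket or of SSSD's code: a small triage script that reads secure-log lines like the ones in the description and flags pam_sss password-change failures that were preceded by the "Generic error" line, attaching the kind of policy hint this ticket asks for. The function name, the hint wording and the per-host pairing of the two log lines are assumptions made for this illustration.

```python
import re

# Lines copied from the secure log excerpt in the ticket description.
SAMPLE = r'''Feb 18 18:31:16 dhcp-25-79 passwd: pam_unix(passwd:chauthtok): user "SECURITY\thrix" does not exist in /etc/passwd
Feb 18 18:31:34 dhcp-25-79 passwd: pam_sss(passwd:chauthtok): system info: [Generic error (see e-text)]
Feb 18 18:31:34 dhcp-25-79 passwd: pam_sss(passwd:chauthtok): User info message: Password change failed.
Feb 18 18:31:34 dhcp-25-79 passwd: pam_sss(passwd:chauthtok): Password change failed for user SECURITY\thrix: 20 (Authentication token manipulation error)
'''

LINE = re.compile(r'^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) passwd: '
                  r'(?P<mod>pam_\w+)\(passwd:chauthtok\): (?P<msg>.*)$')
FAILED = re.compile(r'^Password change failed for user (?P<user>.+): '
                    r'(?P<code>\d+) \((?P<reason>.+)\)$')
GENERIC = 'system info: [Generic error (see e-text)]'
# Hint wording is an assumption, modelled on the message proposed in the ticket.
HINT = ('server returned only a generic error; check that the new password '
        'meets the server password policy (complexity, history, length)')

def triage(log_text):
    """Return one finding per failed pam_sss password change."""
    findings = []
    generic_seen = set()  # hosts with a Generic error line not yet paired
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m['mod'] != 'pam_sss':
            continue  # pam_unix lines only say the user is not a local account
        if m['msg'] == GENERIC:
            generic_seen.add(m['host'])
            continue
        f = FAILED.match(m['msg'])
        if f:
            generic = m['host'] in generic_seen
            generic_seen.discard(m['host'])
            findings.append({
                'time': m['ts'], 'host': m['host'], 'user': f['user'],
                'pam_code': int(f['code']), 'reason': f['reason'],
                'generic_error': generic,
                'hint': HINT if generic else 'no generic error logged; check the sssd logs',
            })
    return findings

if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(finding)
```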
milestone: SSSD 1.11 beta => SSSD 1.10.0
milestone: SSSD 1.10.0 => SSSD 1.10.1
changelog: => owner: somebody => pbrezina review: => 0 status: new => assigned
patch: 0 => 1
resolution: => fixed status: assigned => closed
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=983028 (Red Hat Enterprise Linux 6)
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=912470 912470] => [https://bugzilla.redhat.com/show_bug.cgi?id=912470 912470], [https://bugzilla.redhat.com/show_bug.cgi?id=983028 983028]
changelog: => When the user enters a password that doesn't match the complexity requirements on the server, the SSSD now prints a more helpful error message.
Metadata Update from @jhrozek: - Issue assigned to pbrezina - Issue set to the milestone: SSSD 1.10.1
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2869
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.