Bug ID 961653
Summary When logging in to Gnome using a samba account, if password change is required login succeeds without forcing password change
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.1
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component GNOME
Assignee bnc-team-gnome@forge.provo.novell.com
Reporter jamesrstocker@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Using a samba domain account (set up using Windows Domain Membership tool), if
I change the password must change status using:

sudo net sam set pwdmustchangenow username yes

When I go to log in to my account a notification shows "Password must change"
but then login continues as normal and I'm allowed in to my account.

I would expect that a password change should be forced.

All that appeared in the journal when this happens was this:

Jan 12 16:54:18 box gdm-password][6116]: pam_unix(gdm-password:auth):
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
user=SMB01\username
Jan 12 16:54:18 box gdm-password][6116]: pam_winbind(gdm-password:auth):
getting password (0x00000390)
Jan 12 16:54:18 box gdm-password][6116]: pam_winbind(gdm-password:auth):
pam_get_item returned a password
Jan 12 16:54:19 box gdm-password][6116]: pam_winbind(gdm-password:auth):
request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error:
PAM_NEW_AUTHTOK_REQD (12), NTSTATUS: NT_STATUS_PASSWORD_MUST_CHANGE, Error
message was: Must change password
Jan 12 16:54:19 box gdm-password][6116]: pam_winbind(gdm-password:auth): user
'SMB01\username' new password required

You are receiving this mail because: