[Bug 961653] New: When logging in to Gnome using a samba account, if password change is required login succeeds without forcing password change
http://bugzilla.opensuse.org/show_bug.cgi?id=961653 Bug ID: 961653 Summary: When logging in to Gnome using a samba account, if password change is required login succeeds without forcing password change Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: GNOME Assignee: bnc-team-gnome@forge.provo.novell.com Reporter: jamesrstocker@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Using a samba domain account (set up using Windows Domain Membership tool), if I change the password must change status using: sudo net sam set pwdmustchangenow username yes When I go to log in to my account a notification shows "Password must change" but then login continues as normal and I'm allowed in to my account. I would expect that a password change should be forced. All that appeared in the journal when this happens was this: Jan 12 16:54:18 box gdm-password][6116]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=SMB01\username Jan 12 16:54:18 box gdm-password][6116]: pam_winbind(gdm-password:auth): getting password (0x00000390) Jan 12 16:54:18 box gdm-password][6116]: pam_winbind(gdm-password:auth): pam_get_item returned a password Jan 12 16:54:19 box gdm-password][6116]: pam_winbind(gdm-password:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_NEW_AUTHTOK_REQD (12), NTSTATUS: NT_STATUS_PASSWORD_MUST_CHANGE, Error message was: Must change password Jan 12 16:54:19 box gdm-password][6116]: pam_winbind(gdm-password:auth): user 'SMB01\username' new password required -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
Howard Guo
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
http://bugzilla.opensuse.org/show_bug.cgi?id=961653#c1
Howard Guo
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
http://bugzilla.opensuse.org/show_bug.cgi?id=961653#c2
--- Comment #2 from James Stocker
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
http://bugzilla.opensuse.org/show_bug.cgi?id=961653#c3
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
http://bugzilla.opensuse.org/show_bug.cgi?id=961653#c4
--- Comment #4 from James Stocker
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
James Stocker
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
http://bugzilla.opensuse.org/show_bug.cgi?id=961653#c7
--- Comment #7 from James Stocker
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
http://bugzilla.opensuse.org/show_bug.cgi?id=961653#c9
--- Comment #9 from James Stocker
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
http://bugzilla.opensuse.org/show_bug.cgi?id=961653#c10
--- Comment #10 from Yifan Jiang
That question doesn't make sense in the context. If I reboot it would have no affect on the password that samba is expecting, it already rejected the new password we tried to submit, at that point the user should have been told why the password change failed and told to try again, not to be logging in
Ye..if you can still use the old password after reboot, it indeed revealed indirectly the password was not set at the first place (excluding the cache issue). I will set up something similar to take a look. Thanks James! -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
http://bugzilla.opensuse.org/show_bug.cgi?id=961653#c11
--- Comment #11 from James Stocker
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
http://bugzilla.opensuse.org/show_bug.cgi?id=961653#c16
--- Comment #16 from James Stocker
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
http://bugzilla.opensuse.org/show_bug.cgi?id=961653#c20
--- Comment #20 from James Stocker
http://bugzilla.opensuse.org/show_bug.cgi?id=961653
Tomáš Chvátal
participants (1)
-
bugzilla_noreply@novell.com