Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-1296

Add support for LDAP/AD password expiration and reset

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.3.0
    • Fix Version/s: None
    • Component/s: guacamole-auth-ldap
    • Labels:
      None

      Description

      Guacamole login fails when a user is required to set a new AD password after first login.

      When a user logs in, AD returns code 773, which implies the authorization is correct but a new password must be set immediately in the remote session.

      Guacamole login fails.

       

      Hint from catalina.out:

      Message ID : 1
      {{ BindResponse}}
      {{ Ldap Result}}
      {{ Result code : (INVALID_CREDENTIALS) invalidCredentials}}
      {{ Matched Dn : ''}}
      {{ Diagnostic message : '80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 773, v4563^@'}}

       

      Edit some hours later:

      I was able to workaround the problem by setting the password of the users account to the same default password as set in AD. Then the login succeeded, Windows forced the user to change password, and the user was then able to login with the new username/password combo.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              GaryV Gary V
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: