Bug 43852 - Test case samba4/40password-policies fails in UCS 4.2
Test case samba4/40password-policies fails in UCS 4.2
Status: CLOSED FIXED
Product: UCS Test
Classification: Unclassified
Component: Samba
unspecified
Other Linux
: P5 normal (vote)
: UCS 4.2
Assigned To: Stefan Gohmann
Arvid Requate
: interim-4
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-03-14 20:56 CET by Stefan Gohmann
Modified: 2017-04-04 18:28 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2017-03-14 20:56:34 CET
The test case 51_samba4/40password-policies fails in UCS 4.2. Samba changed the return value:


root@master421:~# /usr/share/ucs-test/51_samba4/40password-policies -f
----create user   
info 2017-03-14 17:01:00         create user o78cau4k
Object created: uid=o78cau4k,cn=users,dc=deadlock42,dc=intranet
debug 2017-03-14 17:01:01        Waiting for replication...
OK: replication complete (nid=2092 lid=2092)
info 2017-03-14 17:01:01         replication complete.
Waiting for DRS replication for (sAMAccountName=o78cau4k): .
DRS replication took 2 seconds
----set pwdChangeNextLogin=1
----wait until it is recognized in samba that the user has been modified
-----Log in without changing the password
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 773, v1db1> <>
Failed to connect to 'ldap://localhost' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 773, v1db1> <>
Failed to connect to ldap://localhost - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 773, v1db1> <>
error 2017-03-14 17:01:05        Expected return value "NT_STATUS_PASSWORD_MUST_CHANGE"
----Changing the password
error 2017-03-14 17:01:05        **************** Test failed above this line (1) ****************
Changed password OK
----Checking password: 
Domain=[DEADLOCK42] OS=[] Server=[]
info 2017-03-14 17:01:07         remove user o78cau4k
Object removed: uid=o78cau4k,cn=users,dc=deadlock42,dc=intranet
debug 2017-03-14 17:01:07        user o78cau4k removed
info 2017-03-14 17:01:07         checking whether the user o78cau4k is really removed
debug 2017-03-14 17:01:07        user o78cau4k does not exist
Starting 1 ucs-test at 2017-03-14 17:01:07 to /dev/null
Test whether UDM attribute pwdChangeNextLogin is honored................................................................................................ Test failed
root@master421:~#
Comment 1 Stefan Gohmann univentionstaff 2017-03-14 20:58:31 CET
r77714:
* 51_samba4/40password-policies: Samba 4 changed the LDAP return value
  for an expired password (Bug #43852)
Comment 2 Florian Best univentionstaff 2017-03-15 12:09:29 CET
Did really samba changed the return value from "NT_STATUS_PASSWORD_MUST_CHANGE" to LDAP_INVALID_CREDENTIALS? Or is this caused by Bug #36215?
Comment 3 Florian Best univentionstaff 2017-03-15 13:52:20 CET
(In reply to Florian Best from comment #2)
> Did really samba changed the return value from
> "NT_STATUS_PASSWORD_MUST_CHANGE" to LDAP_INVALID_CREDENTIALS? Or is this
> caused by Bug #36215?
Seems not.
Comment 4 Stefan Gohmann univentionstaff 2017-03-15 16:19:14 CET
Looks good now.
Comment 5 Arvid Requate univentionstaff 2017-03-16 14:00:47 CET
Yes.
Comment 6 Stefan Gohmann univentionstaff 2017-04-04 18:28:43 CEST
UCS 4.2 has been released:
 https://docs.software-univention.de/release-notes-4.2-0-en.html
 https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".