Bug 45554 – Usability: Passing Administrator password to univention-samba-unlock

Bug 45554 - Usability: Passing Administrator password to univention-samba-unlock


Summary:	Usability: Passing Administrator password to univention-samba-unlock

Status:	RESOLVED WONTFIX

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 enhancement (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:	Samba maintainers

URL:
Keywords:

Depends on:	35072
Blocks:
	Show dependency tree / graph

Reported:	2017-10-17 14:58 CEST by Arvid Requate
Modified:	2020-07-03 20:55 CEST (History)
CC List:	5 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	2: Improvement: Would be a product improvement
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.023
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Usability
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2017-10-17 14:58:48 CEST

The univention-samba-unlock is a bit awkward to use, because it requires authentication as Administrator but doesn't properly handle the interactive password prompt/input of samba-tool. As a workaround this works:


root@master10:~# kinit Administrator
Administrator@AR41I1.QA's Password: 

root@master10:~# univention-samba-unlock -k yes user1


But you get a terrible error message if you do the "normal" thing:
===========================================================================
root@master10:~# univention-samba-unlock user1 -U Administrator
Password for [AR41I1\Administrator]:
Password for [AR41I1\Administrator]:
Password for [AR41I1\Administrator]:
Wrong username or password: kinit for Administrator@AR41I1.QA failed (Preauthentication failed)

Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
Failed to connect to 'ldaps://master10.ar41i1.qa' with backend 'ldaps': LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
Failed to connect to ldaps://master10.ar41i1.qa - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
Error unlocking user CN=user1,DC=ar41i1,DC=qa
===========================================================================

Comment 1 Ingo Steuwer

2020-07-03 20:55:55 CEST

This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.