Univention Bugzilla – Bug 30839
UCS memberservers in a Samba4 domain currently cannot find a server for password changes
Last modified: 2020-07-03 20:51:24 CEST
UCS memberservers in a Samba4 domain currently cannot find a server for password changes. For example a user account was modified via UDM cli to force a password change on next login. Logging into the memberserver the user experience is this: arequate@lagra:~$ ssh 10.200.8.13 -l user7 ## try a login to a memberserver user4@ARUCS31I0.QA's Password: Your password will expire at Thu Jan 1 01:00:00 1970 Changing password New password: Repeat new password: kinit: krb5_get_init_creds: Unable to reach any changepw server in realm ARUCS31I0.QA After setting kerberos/kpasswdserver to one of the Samba4 DCs it works. Currently in samba4 domains the 26univention-samba joinscript sets kerberos/defaults/dns_lookup_kdc=false and kerberos/kdc to the DC it finds with "net ads lookup". Either kerberos/defaults/dns_lookup_kdc should be set to true ("locate the KDCs and other servers") or kerberos/kpasswdserver should be set as well. In this case probably one should configure more than one server. For distributed environments (eg. remote Sites or UCS@school) defaults should be chosen wisely. +++ This bug was initially created as a clone of Bug #29438 +++
We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2. As such, this bug is moved to the new target milestone.
happend again during update to 4.1: Ticket#2016042221000258
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4. If this issue is still valid, please change the version to a newer UCS version otherwise this issue will be automatically closed in the next weeks.
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.