ubuntu active-directory sssd

Can't change AD password on Ubuntu with sssd


I've configured sssd on an Ubuntu 18.04 server in AWS to join an AD domain.
I've already managed to successfully log in using an Active Directory account, so I'm assuming all AD services are correctly configured on this machine.

The issue appears when I try to change the password (using passwd).

lucas.camilo@DOMAIN@HOSTNAME:~$ passwd
Current Password:
New password:
Retype new password:
Password change failed. Server message: Please make sure the password meets the complexity constraints.
passwd: Authentication token manipulation error
passwd: password unchanged

As for the error message, I've already checked the complexity requirements and it's not that (I'm the one that set those up), and I've also found that it's a generic error message.
After setting debug_level to 10 (using sudo sss_debuglevel 10), I tried again, got the same message on output, and I got this on sudo cat /var/log/sssd/krb5_child.log

(... pasting the last 4 lines)

(Tue Jul  7 23:12:21 2020) [[sssd[krb5_child[2410]]]] [changepw_child] (0x0020): krb5_change_password failed [4][Password change rejected].
(Tue Jul  7 23:12:21 2020) [[sssd[krb5_child[2410]]]] [k5c_send_data] (0x0200): Received error code 1432158228
(Tue Jul  7 23:12:21 2020) [[sssd[krb5_child[2410]]]] [pack_response_packet] (0x2000): response packet size: [83]
(Tue Jul  7 23:12:21 2020) [[sssd[krb5_child[2410]]]] [k5c_send_data] (0x4000): Response sent.
(Tue Jul  7 23:12:21 2020) [[sssd[krb5_child[2410]]]] [main] (0x0400): krb5_child completed successfully

I'm not finding much using that error code (1432158228), and I'm fairly new to using AD on Linux. Am I doing this wrong? Is there any better way of changing AD passwords from Linux?

Thanks!


Solution

  • Weirdly enough, it took two reboots (and a couple of hours of doing nothing) to get it working.
    Hopefully won't happen again.
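
An added example, not part of the original post or of SSSD: a small triage script for the krb5_child.log excerpt in the question. It names the bracketed kpasswd result code (RFC 3244 values, named as in MIT krb5's krb5.h) and splits the "Received error code" value into SSSD's internal error base (0x555D0000, ERR_BASE in SSSD's util_errors.h) plus an offset; the function and field names are this example's own.

```python
import re

# SSSD debug line: (timestamp) [[sssd[proc[pid]]]] [function] (0xLEVEL): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[\[sssd\[(?P<proc>\w+)\[(?P<pid>\d+)\]\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)
CHPW_RE = re.compile(r"krb5_change_password failed \[(\d+)\]\[([^\]]*)\]")
ERRCODE_RE = re.compile(r"Received error code (\d+)")

# kpasswd protocol result codes (RFC 3244), named as in MIT krb5's krb5.h
KPASSWD_RESULT = {
    0: "KRB5_KPASSWD_SUCCESS", 1: "KRB5_KPASSWD_MALFORMED",
    2: "KRB5_KPASSWD_HARDERROR", 3: "KRB5_KPASSWD_AUTHERROR",
    4: "KRB5_KPASSWD_SOFTERROR", 5: "KRB5_KPASSWD_ACCESSDENIED",
    6: "KRB5_KPASSWD_BAD_VERSION", 7: "KRB5_KPASSWD_INITIAL_FLAG_NEEDED",
}
SSSD_ERR_BASE = 0x555D0000  # SSSD-internal errors are numbered upward from here

# First two log lines from the question, verbatim
SAMPLE = """\
(Tue Jul  7 23:12:21 2020) [[sssd[krb5_child[2410]]]] [changepw_child] (0x0020): krb5_change_password failed [4][Password change rejected].
(Tue Jul  7 23:12:21 2020) [[sssd[krb5_child[2410]]]] [k5c_send_data] (0x0200): Received error code 1432158228
"""

def triage(log_text):
    """Return one finding per line that carries a kpasswd result or an error code."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an SSSD debug line
        base = {"time": m.group("ts"), "func": m.group("func")}
        chpw = CHPW_RE.search(m.group("msg"))
        err = ERRCODE_RE.search(m.group("msg"))
        if chpw:
            code = int(chpw.group(1))
            findings.append({**base, "kind": "kpasswd_result", "code": code,
                             "name": KPASSWD_RESULT.get(code, "UNKNOWN"),
                             "text": chpw.group(2)})
        elif err:
            value = int(err.group(1))
            internal = (value & 0xFFFF0000) == SSSD_ERR_BASE
            findings.append({**base, "kind": "sssd_error", "code": value,
                             "sssd_internal": internal,
                             "offset": value - SSSD_ERR_BASE if internal else None})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The offset can be matched against the error enum in util_errors.h of the installed SSSD version's source to get the symbolic name.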