[
https://issues.apache.org/jira/browse/GUACAMOLE-1296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gary V updated GUACAMOLE-1296:
------------------------------
Description:
Guacamole login fails when a user is required to set a new AD password after
first login.
When a user logs in, AD returns code 773, which implies the authorization is
correct but a new password must be set immediately in the remote session.
Guacamole login fails.
Hint from catalina.out:
{{Message ID : 1}}
\{{ BindResponse}}
\{{ Ldap Result}}
\{{ Result code : (INVALID_CREDENTIALS) invalidCredentials}}
\{{ Matched Dn : ''}}
\{{ Diagnostic message : '80090308: LdapErr: DSID-0C090439, comment:
AcceptSecurityContext error, data 773, v4563^@'}}
Edit some hours later:
I was able to workaround the problem by setting the password of the users
account to the same default password as set in AD. Then the login succeeded,
Windows forced the user to change password, and the user was then able to login
with the new username/password combo.
was:
Guacamole login fails when a user is required to set a new AD password after
first login.
When a user logs in, AD returns code 773, which implies the authorization is
correct but a new password must be set immediately in the remote session.
Guacamole login fails.
Error from catalina.out:
{{Message ID : 1}}
{{ BindResponse}}
{{ Ldap Result}}
{{ Result code : (INVALID_CREDENTIALS) invalidCredentials}}
{{ Matched Dn : ''}}
{{ Diagnostic message : '80090308: LdapErr: DSID-0C090439, comment:
AcceptSecurityContext error, data 773, v4563^@'}}
> Guacamole rejects code 773 response from Windows Server 2019 ActiveDirectory
> ----------------------------------------------------------------------------
>
> Key: GUACAMOLE-1296
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1296
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-ldap
> Affects Versions: 1.3.0
> Reporter: Gary V
> Priority: Minor
>
> Guacamole login fails when a user is required to set a new AD password after
> first login.
> When a user logs in, AD returns code 773, which implies the authorization is
> correct but a new password must be set immediately in the remote session.
> Guacamole login fails.
>
> Hint from catalina.out:
> {{Message ID : 1}}
> \{{ BindResponse}}
> \{{ Ldap Result}}
> \{{ Result code : (INVALID_CREDENTIALS) invalidCredentials}}
> \{{ Matched Dn : ''}}
> \{{ Diagnostic message : '80090308: LdapErr: DSID-0C090439, comment:
> AcceptSecurityContext error, data 773, v4563^@'}}
>
> Edit some hours later:
> I was able to workaround the problem by setting the password of the users
> account to the same default password as set in AD. Then the login succeeded,
> Windows forced the user to change password, and the user was then able to
> login with the new username/password combo.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
