Jump to content
Welcome to our new Citrix community!

Unable to voluntarily change user password


Recommended Posts

Once logged in, unable to change user password voluntarily. GUI returns

Password change failed. Make sure you supply correct existing password and try again

  • VPX NS12.1 48.13.nc.
  • port 636
  • AD has certificates bound
  • No AD event log messages
  • LDAP policy/server tests OK from ldapsearch and GUI

Here is the output from /tmp/aaad.debug. TLDR:

  • binding successful
  • It implies it has changed the password with the message Finished chpwd, attempting to bind user XXXXXX\gconstantine with new password
  • Has error LDAP error string: <<80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 57, v1db1>>
  • With LDAP action failed (error 49): Invalid credentials
  • And LDAP authentication failed for user XXXXXX\gconstantine, (error 49): Invalid credentials

Any ideas out there? Thanks!

Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_common.c[439]: ns_ldap_check_result 0-6736: checking LDAP result.  Expecting 97 (LDAP_RES_BIND)
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_common.c[477]: ns_ldap_check_result 0-6736: ldap_result found expected result LDAP_RES_BIND
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/naaad.c[5064]: unregister_timer 0-6736: releasing timer 29211
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_chpwd.c[179]: receive_ldap_chpwd_bind_event 0-6736: Original slen: 19
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_chpwd.c[187]: receive_ldap_chpwd_bind_event 0-6736: Original user name: <gconstantine>, slen = 12
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_chpwd.c[215]: receive_ldap_chpwd_bind_event 0-6736: User name: dirty = <gconstantine> sanitized = <gconstantine>
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_common.c[1238]: ns_ldap_search 0-6736: Searching for <<(| (objectClass=domainDNS) (& (samAccountName=gconstantine) (objectClass=*)))>> from base <<DC=YYYYYY,DC=XXXXXX,DC=com,DC=au>>
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/naaad.c[4987]: register_timer 0-6736: setting timer 29212
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_common.c[1262]: ns_ldap_search 0-6736: Sent user search query.
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_common.c[439]: ns_ldap_check_result 0-6736: checking LDAP result.  Expecting 101 (LDAP_RES_SEARCH_RESULT)
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_common.c[477]: ns_ldap_check_result 0-6736: ldap_result found expected result LDAP_RES_SEARCH_RESULT
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_chpwd.c[266]: receive_ldap_chpwd_user_search_event 0-6736: received LDAP_OK
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/naaad.c[5064]: unregister_timer 0-6736: releasing timer 29212
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_chpwd.c[321]: receive_ldap_chpwd_user_search_event 0-6736: Finished chpwd, attempting to bind user XXXXXX\gconstantine with new password
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/naaad.c[4987]: register_timer 0-6736: setting timer 29213
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_common.c[439]: ns_ldap_check_result 0-6736: checking LDAP result.  Expecting 97 (LDAP_RES_BIND)
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_common.c[477]: ns_ldap_check_result 0-6736: ldap_result found expected result LDAP_RES_BIND
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_common.c[301]: ns_show_ldap_err_string 0-6736: LDAP error string: <<80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 57, v1db1>>
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_common.c[487]: ns_ldap_check_result 0-6736: LDAP action failed (error 49): Invalid credentials
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_common.c[492]: ns_ldap_check_result 0-6736: LDAP authentication failed for user XXXXXX\gconstantine, (error 49): Invalid credentials
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/naaad.c[5064]: unregister_timer 0-6736: releasing timer 29213
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/ldap_chpwd.c[387]: receive_ldap_chpwd_user_bind_event 0-6736: password modify failed for user XXXXXX\gconstantine, incorrect existing password supplied :Can't contact LDAP server
Fri Apr 12 14:45:01 2019
 /home/build/rs_121_48_11_RTM/usr.src/netscaler/aaad/naaad.c[4444]: send_chpwd_fail 0-6736: sending password change failure to kernel for : XXXXXX\gconstantine

 

Link to comment
Share on other sites

  • 2 weeks later...
  • 3 weeks later...
  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...