Skip to content
This repository has been archived by the owner on Jun 2, 2023. It is now read-only.

Changes the password, but gives lots of errors #652

Open
igenkin opened this issue Sep 23, 2021 · 5 comments
Open

Changes the password, but gives lots of errors #652

igenkin opened this issue Sep 23, 2021 · 5 comments

Comments

@igenkin
Copy link

igenkin commented Sep 23, 2021

PassCore Server

  • OS: Windows

  • Provider: Active Directory

  • Version: 4.2.3

  • Settings file:

{
"Logging": {
"IncludeScopes": false,
"LogLevel": {
"Default": "Debug",
"System": "Information",
"Microsoft": "Information"
}
},
"WebSettings": {
"EnableHttpsRedirect": true
},
"AppSettings": {
// The following options for AD Provider (remove if you don't use this Provider)
"UseAutomaticContext": true, // Set true to allow PassCore to reset password using the same credentials, or false if you will fill the credentials below
"RestrictedADGroups": [
"Administrators",
"Domain Admins",
"Enterprise Admins"
], // Set the AD groups to restrict the use of PassCore
"AllowedADGroups": [], // Set the AD Groups to allow PassCore, if the array is empty all the groups no-restricted above are allowed
"IdTypeForUser": "UPN", // Possible values are "DN", "GUID", "Name", "SAM", "SID" and "UPN" (Default UPN)
"UpdateLastPassword": false, // Set true to allow PassCore to update the last password timestamp
// The following options are for LDAP Provider (remove if you don't use this Provider)
"LdapSearchBase": "OU=ABC,OU=XYZ,DC=BLAHBLAH,DC=local",
"LdapSecureSocketLayer": true, // Default for AD is true when using LDAPS 636
"LdapStartTls": false, // Default for AD is true when using LDAP 389
"LdapChangePasswordWithDelAdd": true,
"LdapSearchFilter": "(sAMAccountName={Username})", // Another value: "(&(objectClass=person)(cn={Username}))"
// General options (valid for both providers)
"LdapHostnames": [ "domaincontroller.blahblah.local" ], // Set your hostname(s)
"LdapPort": 636, // Default for AD is 389, for LDAPS 636
"LdapUsername": "service_account_for_ldap", // Set the username or distinguish name (DN) to bind the LDAP server
"LdapPassword": "password", // Set the password for the username
"DefaultDomain": "blahblah.local" // Set your default AD domain here, or non "@" logins will not work! Use empty value to allow user to set the domain. This option is ONLY available with UPN.
},
}

  • Log file:

System.NullReferenceException: Object reference not set to an instance of an object.
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.b__7_1(Principal x) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 173
at System.Linq.Enumerable.Any[TSource](IEnumerable1 source, Func2 predicate)
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.ValidateGroups(UserPrincipal userPrincipal) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 183
fail: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[888]
ValidateGroups
System.NullReferenceException: Object reference not set to an instance of an object.
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.b__7_1(Principal x) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 173
at System.Linq.Enumerable.Any[TSource](IEnumerable1 source, Func2 predicate)
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.ValidateGroups(UserPrincipal userPrincipal) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 183
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The User principal password cannot be changed and setPassword won't be called
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The specified network password is not correct. (0x80070056)
info: Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor[1]
Executing ObjectResult, writing value of type 'Unosquare.PassCore.Web.Models.ApiResult'.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in 2134.192ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
Executed endpoint 'Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 2134.5465ms 400 application/json; charset=utf-8
fail: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[888]
ValidateGroups
System.NullReferenceException: Object reference not set to an instance of an object.
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.b__7_1(Principal x) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 173
at System.Linq.Enumerable.Any[TSource](IEnumerable1 source, Func2 predicate)
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.ValidateGroups(UserPrincipal userPrincipal) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 183
fail: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[888]
ValidateGroups
System.NullReferenceException: Object reference not set to an instance of an object.
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.b__7_1(Principal x) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 173
at System.Linq.Enumerable.Any[TSource](IEnumerable1 source, Func2 predicate)
at Unosquare.PassCore.PasswordProvider.PasswordChangeProvider.ValidateGroups(UserPrincipal userPrincipal) in C:\Unosquare\passcore\src\Unosquare.PassCore.PasswordProvider\PasswordChangeProvider.cs:line 183
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The User principal password cannot be changed and setPassword won't be called
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The specified network password is not correct. (0x80070056)
info: Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor[1]
Executing ObjectResult, writing value of type 'Unosquare.PassCore.Web.Models.ApiResult'.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in 2145.6306ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
Executed endpoint 'Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 2145.7274ms 400 application/json; charset=utf-8
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The User principal password cannot be changed and setPassword won't be called
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
Access is denied. (0x80070005 (E_ACCESSDENIED))
info: Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor[1]
Executing ObjectResult, writing value of type 'Unosquare.PassCore.Web.Models.ApiResult'.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in 1587.3233ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
Executed endpoint 'Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 1587.4036ms 400 application/json; charset=utf-8
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The User principal password cannot be changed and setPassword won't be called
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The specified network password is not correct. (0x80070056)
info: Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor[1]
Executing ObjectResult, writing value of type 'Unosquare.PassCore.Web.Models.ApiResult'.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in 1408.6236ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
Executed endpoint 'Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 1408.7017ms 400 application/json; charset=utf-8
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The User principal password cannot be changed and setPassword won't be called
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
The specified network password is not correct. (0x80070056)
info: Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultE

Describe the bug
The passcore does change the password. It confirms that and I can use new password after that. So this is working, but at the same time it throws lots of error messages. The first error is 'Access is denied. (0x80070005 (E_ACCESSDENIED))', then it disappears and then gives an error about complex password policies.

  • If I change 'UseAutomaticContext' to 'false' then it doesn't change password at all.
  • Username and password for LDAP user are correct - that's been confirmed.
  • LDAPS on the Active Directory server is working. Verified with LDP.EXE app and the LDAP service account used for passcore.
  • LDAP account has Domain Admin rights ATM.
  • Old and new passwords are certainly not used before and complex enough. I'm testing with passwords like 'F@st3r-ce7ngo-ro@tto'. See the password policies screenshots at the bottom.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'password.blahblah.com' site to change password
  2. Enter username@blahblah.com, old password, new password, new password.
  3. Click 'Change Password' and wait
  4. See error

Expected behavior
No errors.

Screenshots
passcore_01

Desktop:

  • OS: Windows Server 2019
  • Browser Chrome
  • Version 93.0.4577.82

Additional context

  1. Couldn't make v4.2.4 working at all so had to downgrade to v4.2.3. At least with this version it does change passwords.
  2. Couldn't make it working with using installation PowerShell script so had to use instructions to install it manually.
  3. Had to add Application Pool twice. First time as in the instructions and then within the website . Without that it gives "Server is not ready" error. See screenshots below.

passcore_02

passcore_03

Current AD domain password policy:

passcore_04
@JerCHA81
Copy link

Hello,
i got same problems when changing a password. There is a lot of error message and finally a message that say the password has been change and password has really been change.
Is there any back about this problem ?

@eduder
Copy link

eduder commented Dec 1, 2021

Having the same problem on 4.2.4, running on a Ubuntu 20.04 server talking to 2016 Server AD. Locks the user account out and spams 400 errors in the browser log. Looks like there were previous bugs filed for this but it's been closed.

@AleksAdamovic AleksAdamovic mentioned this issue Mar 3, 2022
Open
@stale
Copy link

stale bot commented Apr 16, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix Problem, or not; this won't be fixed here at least. label Apr 16, 2022
@simonai1254
Copy link

Keepalive

@stale stale bot removed the wontfix Problem, or not; this won't be fixed here at least. label Apr 19, 2022
@LaxVolt
Copy link

LaxVolt commented May 10, 2022

@igenkin - not sure if this will help you but we resolved this on 4.2.0 by changing the flag "LdapChangePasswordWithDelAdd" to false.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@simonai1254 @LaxVolt @eduder @igenkin @JerCHA81