demogorgonz
commented
2 years ago Ok so i made new AD, enabled CA/SSL.. tripple checked new password against password policy and still get random errors:
{"EventId":1,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Hosting.Diagnostics","Message":"Request starting HTTP/1.1 POST http://localhost/api/password application/json 164","State":{"Message":"Request starting HTTP/1.1 POST http://localhost/api/password application/json 164","Protocol":"HTTP/1.1","Method":"POST","ContentType":"application/json","Co
ntentLength":164,"Scheme":"http","Host":"localhost","PathBase":"","Path":"/api/password","QueryString":""}}
{"EventId":0,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Routing.EndpointMiddleware","Message":"Executing endpoint \u0027Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)\u0027","State":{"Message":"Executing endpoint \u0027Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)\u0027","
EndpointName":"Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)","{OriginalFormat}":"Executing endpoint \u0027{EndpointName}\u0027"}}
{"EventId":3,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Route matched with {action = \u0022Post\u0022, controller = \u0022Password\u0022}. Executing controller action with signature System.Threading.Tasks.Task\u00601[Microsoft.AspNetCore.Mvc.IActionResult] Post(Unosquare.PassCore.Web.Models.C
hangePasswordModel) on controller Unosquare.PassCore.Web.Controllers.PasswordController (Unosquare.PassCore.Web).","State":{"Message":"Route matched with {action = \u0022Post\u0022, controller = \u0022Password\u0022}. Executing controller action with signature System.Threading.Tasks.Task\u00601[Microsoft.AspNetCore.Mvc.IActionResult] Post(Unosquare.PassCore.Web
.Models.ChangePasswordModel) on controller Unosquare.PassCore.Web.Controllers.PasswordController (Unosquare.PassCore.Web).","RouteData":"{action = \u0022Post\u0022, controller = \u0022Password\u0022}","MethodInfo":"System.Threading.Tasks.Task\u00601[Microsoft.AspNetCore.Mvc.IActionResult] Post(Unosquare.PassCore.Web.Models.ChangePasswordModel)","Controller":"Un
osquare.PassCore.Web.Controllers.PasswordController","AssemblyName":"Unosquare.PassCore.Web","{OriginalFormat}":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName})."}}
{"EventId":0,"LogLevel":"Warning","Category":"PassCoreLDAPProvider","Message":"LDAP query: (sAMAccountName=123)","State":{"Message":"LDAP query: (sAMAccountName=123)","0":"(sAMAccountName=123)","{OriginalFormat}":"LDAP query: {0}"}}
{"EventId":0,"LogLevel":"Warning","Category":"PassCoreLDAPProvider","Message":"Resolved Win32 API Error: code=1325 name=ERROR_PASSWORD_RESTRICTION desc=Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain. - LdapException: Constraint Violation (19) Constraint Violation
\nLdapException: Server Message: 0000052D: AtrErr: DSID-031910C9, #1:\n\t0: 0000052D: DSID-031910C9, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)\n\u0000\nLdapException: Matched DN: ","State":{"Message":"Resolved Win32 API Error: code=1325 name=ERROR_PASSWORD_RESTRICTION desc=Unable to update the password. The value provided for the new pa
ssword does not meet the length, complexity, or history requirements of the domain. - LdapException: Constraint Violation (19) Constraint Violation\nLdapException: Server Message: 0000052D: AtrErr: DSID-031910C9, #1:\n\t0: 0000052D: DSID-031910C9, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)\n\u0000\nLdapException: Matched DN: ","0":"LdapE
xception: Constraint Violation (19) Constraint Violation\nLdapException: Server Message: 0000052D: AtrErr: DSID-031910C9, #1:\n\t0: 0000052D: DSID-031910C9, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)\n\u0000\nLdapException: Matched DN: ","{OriginalFormat}":"Resolved Win32 API Error: code=1325 name=ERROR_PASSWORD_RESTRICTION desc=Unable t
o update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain. - {0}"}}
{"EventId":1,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor","Message":"Executing BadRequestObjectResult, writing value of type \u0027Unosquare.PassCore.Web.Models.ApiResult\u0027.","State":{"Message":"Executing BadRequestObjectResult, writing value of type \u0027Unosquare.PassCore.Web.Models.ApiResult\u0027.",
"ObjectResultType":"BadRequestObjectResult","Type":"Unosquare.PassCore.Web.Models.ApiResult","{OriginalFormat}":"Executing {ObjectResultType}, writing value of type \u0027{Type}\u0027."}}
{"EventId":2,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in 60.8681ms","State":{"Message":"Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in
60.8681ms","ActionName":"Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)","ElapsedMilliseconds":60.8681,"{OriginalFormat}":"Executed action {ActionName} in {ElapsedMilliseconds}ms"}}
{"EventId":1,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Routing.EndpointMiddleware","Message":"Executed endpoint \u0027Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)\u0027","State":{"Message":"Executed endpoint \u0027Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)\u0027","En
dpointName":"Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)","{OriginalFormat}":"Executed endpoint \u0027{EndpointName}\u0027"}}
{"EventId":2,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Hosting.Diagnostics","Message":"Request finished HTTP/1.1 POST http://localhost/api/password application/json 164 - 400 - application/json;\u002Bcharset=utf-8 61.2996ms","State":{"Message":"Request finished HTTP/1.1 POST http://localhost/api/password application/json 164 - 400 - application/
json;\u002Bcharset=utf-8 61.2996ms","ElapsedMilliseconds":61.2996,"StatusCode":400,"ContentType":"application/json; charset=utf-8","ContentLength":null,"Protocol":"HTTP/1.1","Method":"POST","Scheme":"http","Host":"localhost","PathBase":"","Path":"/api/password","QueryString":""}}
With the focus on :
name=ERROR_PASSWORD_RESTRICTION desc=Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.
Run command:
docker run \
-e WebSettings__EnableHttpsRedirect='false' \
-e AppSettings__UseAutomaticContext='false' \
-e AppSettings__LdapHostnames__0='192.168.1.60' \
-e AppSettings__LdapPort='636' \
-e AppSettings__LdapUsername='passcore' \
-e AppSettings__LdapPassword='P@ssw0rd' \
-e ClientSettings__UseEmail='false' \
-e AppSettings__IdTypeForUser='SAM' \
-e AppSettings__DefaultDomain='corp.localdev' \
-e AppSettings__LdapSearchBase='CN=Users,DC=corp,DC=localdev' \
-e AppSettings__LdapSecureSocketLayer='true' \
-e AppSettings__LdapStartTls='false' \
-e AppSettings__LdapIgnoreTlsValidation='true' \
-e AppSettings__LdapIgnoreTlsErrors='true' \
-e AppSettings__RestrictedADGroups='' \
-it \
-p 80:80 \
passcore:latestpasscore user is in Domain Admins group too.
PassCore Server
Can anyone share working config for AD setup ? Is port
636required for password change to work ?I have been fiddling and got various errors from :
Have tried even windows powershell install, but got requests spamming without password change.
Current run command is (doesn't work) :