AD Windows Server 2022 - password Change LDAP/RPC

I am trying to configure Windows password change. My device has a connection to the AD server with LDAP and RPC.
I added the credential, and the AD user has permission to change its own password.
With RPC I have the error: ERROR: Cannot connect to svcctl pipe. NT_STATUS_OBJECT_NAME_NOT_FOUND.
Do I have to open another port, not only RPC 135?

With the LDAP server I have the error attribute ‘unicodePwd’.: 53 - Server is unwilling to perform

I use the default template for the password change.

Hi,

For the ERROR: Cannot connect to svcctl pipe. NT_STATUS_OBJECT_NAME_NOT_FOUND.

Check whether the Windows Remote Procedure Call (RPC) service is running or not. Start the Windows RPC service and set it to start automatically in services.msc.

Try logging in with the user whose password you are trying to rotate, and open CMD normally (not as Administrator). Then, try running ‘net user ’ to see if it works.
If not, delegate the privilege and change the group policy to function as mentioned.

**LDAPS**

For the ‘unicodePwd’.: 53 - Server is unwilling to perform - This can also be an issue of privileges.

For the remote password reset we must have LDAPS connectivity.

But try the following.

Go to run and open LDP.exe (run >> LDP.exe)

Check whether the AD domain name is connecting properly without any error.

WhatsApp Image 2024-04-02 at 15.40.24_4a181734

If it connects successfully:

Change the device IP in the device configuration on Senhasegura to match the AD Domain name as shown in the image.

This may appear as not connectable on Device configuration but check telnet on CLI.

Change the LDAPS script according to the following script:

Protocol Version

set-option LDAP_OPT_PROTOCOL_VERSION 3
set-option LDAP_OPT_REFERRALS 3

Execute Bind

bind "CN=appadmin,CN=Users,DC=app,DC=net"

Locate User Entry

find "CN=Users,DC=app,DC=net" (sAMAccountName=[username#])

Change Password

mod-replace unicodePwd "u([#NEW_PASSWORD#])"

I hope this solution resolves your issue.


Ramkishan.
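
An added example, not part of the reply above and not senhasegura code: what the `unicodePwd` replace has to carry for Active Directory to accept it, with a pre-flight check for the two usual causes of error 53 (no encrypted channel, or a value that is not a double-quoted UTF-16LE string). The host `dc01.app.net`, the user DN and the password are constructed placeholders.

```python
import base64
from urllib.parse import urlsplit

def encode_unicode_pwd(new_password: str) -> bytes:
    """AD accepts unicodePwd only as the password in double quotes, UTF-16LE encoded."""
    return f'"{new_password}"'.encode("utf-16-le")

def preflight(ldap_url: str, value: bytes) -> list:
    """Return likely reasons a unicodePwd write would fail with error 53."""
    problems = []
    # The thread requires LDAPS; AD rejects the write on an unencrypted connection.
    if urlsplit(ldap_url).scheme.lower() != "ldaps":
        problems.append("channel is not LDAPS")
    try:
        text = value.decode("utf-16-le")
    except UnicodeDecodeError:
        text = ""  # odd byte count or invalid sequence: not UTF-16LE at all
    if len(text) < 3 or not (text.startswith('"') and text.endswith('"')):
        problems.append("value is not a double-quoted UTF-16LE string")
    return problems

def ldif_replace(user_dn: str, new_password: str) -> str:
    """Build an LDIF modify record that replaces unicodePwd (binary, so base64)."""
    b64 = base64.b64encode(encode_unicode_pwd(new_password)).decode("ascii")
    return "\n".join([
        f"dn: {user_dn}",
        "changetype: modify",
        "replace: unicodePwd",
        f"unicodePwd:: {b64}",
        "-",
        "",
    ])

if __name__ == "__main__":
    # Constructed sample values (assumptions, not taken from a real environment).
    dn = "CN=jdoe,CN=Users,DC=app,DC=net"
    good = encode_unicode_pwd("Ab1!")
    print(preflight("ldaps://dc01.app.net:636", good) or "preflight ok")
    # Plain LDAP plus a UTF-8 value: both checks fail.
    print(preflight("ldap://dc01.app.net:389", b'"Ab1!"'))
    print(ldif_replace(dn, "Ab1!"))
```
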

The RPC function has automatic start.
Net user works in CMD on the user profile. I can log in with RDP on the user account and change the password.
But if I want to do the same in PAM I have the error NT_STATUS_OBJECT_NAME_NOT_FOUND.

Hello Dominik!

Thank you for reaching out to us regarding the issue you’re experiencing.

To provide you with the best assistance and ensure a thorough analysis of the problem, we kindly request that you open a ticket on our platform. This will allow our technical team to gather specific details about the issue in question.

Platform: https://suporte.senhasegura.com.br

Best regards!