An endpoint has been set through UNAB so that it is able to change its password in Active Directory
Despite this, there are messages in the agent_debug indicating that this fails
20230307083351.164587 T3581747200 L 1: uxauthd: Failed to reset the endpoint's password in AD.
And when checking the audit log inside the /var/log/audit directory, it points towards the SELinux policies not allowing the operation to complete properly
[root@xxxxxxxxxx ~]# cat /var/log/audit/audit.log | grep denied | grep ux | tail -5 | while read line; do time=`echo $line | sed 's/.*audit(\([0-9]*\).*/\1/'`; echo `date -d @$time` $line; done
Tue Mar 7 08:33:50 CET 2023 type=AVC msg=audit(1678174430.158:146956): avc: denied { name_connect } for pid=954136 comm="uxauthd" dest=464 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:kerberos_password_port_t:s0 tclass=tcp_socket permissive=0
Tue Mar 7 08:33:51 CET 2023 type=AVC msg=audit(1678174431.161:146957): avc: denied { name_connect } for pid=954136 comm="uxauthd" dest=464 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:kerberos_password_port_t:s0 tclass=tcp_socket permissive=0
Tue Mar 7 08:33:51 CET 2023 type=AVC msg=audit(1678174431.162:146958): avc: denied { name_connect } for pid=954136 comm="uxauthd" dest=464 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:kerberos_password_port_t:s0 tclass=tcp_socket permissive=0
Tue Mar 7 08:33:51 CET 2023 type=AVC msg=audit(1678174431.162:146959): avc: denied { name_connect } for pid=954136 comm="uxauthd" dest=464 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:kerberos_password_port_t:s0 tclass=tcp_socket permissive=0
Tue Mar 7 08:33:51 CET 2023 type=AVC msg=audit(1678174431.163:146960): avc: denied { name_connect } for pid=954136 comm="uxauthd" dest=464 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:kerberos_password_port_t:s0 tclass=tcp_socket permissive=0
Release : 14.10.50.61
This problem exists in all version prior to 14.10.50.70 due to an outdated selinux.sh configuration policy
Please upgrade UNAB to version 14.10.40.70 or later