Unable to reset local user credentials when vIDM is enabled on NSX Manager
Article ID: 339388
Updated On:
Products
VMware NSX Networking
Issue/Introduction
Symptoms: Attempting to reset the credentials of a local user does not succeed when logging in and out. vIDM integration must first be disabled before the credentials can be changed.
Environment
VMware NSX-T Data Center 4.x
VMware NSX-T Data Center
VMware NSX-T Data Center 3.x
Cause
A PasswordExpiredException is thrown correctly. However, because vIDM is enabled, the OAuth2 filter fires immediately afterwards. Because the PAM provider does not actually throw an authentication failure event, by the time the PasswordExpirationFailureHandler is called it processes the exception thrown by the OAuth2 provider (a BadCredentialsException) rather than the PasswordExpiredException.
Resolution
Upgrade to 4.1+ and 3.2.3+
Workaround: vIDM configuration must be (temporarily) disabled, the local credentials reset during this time, and then the integration re-enabled.
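The masking described under Cause, and why the workaround restores the password-change flow, shown as an added Python model; it is not NSX Manager code. The exception names follow the article; the function names, outcome labels, sample credentials and the `handler_expiry_first` alternative are assumptions made for illustration, and the article does not say how the fixed releases handle this.

```python
# Constructed model of the flow in the Cause section; not NSX Manager code.
class AuthenticationException(Exception): pass
class PasswordExpiredException(AuthenticationException): pass
class BadCredentialsException(AuthenticationException): pass

def pam_provider(user, password):
    # Local account whose password is correct but expired.
    raise PasswordExpiredException(f"password for {user} has expired")

def oauth2_filter(user, password):
    # Per the article, the OAuth2 provider rejects the same login attempt.
    raise BadCredentialsException("OAuth2 provider rejected the credentials")

def run_chain(steps, user, password):
    """Run each step in order; return the exceptions raised ([] on success)."""
    failures = []
    for step in steps:
        try:
            step(user, password)
            return []
        except AuthenticationException as exc:
            failures.append(exc)
    return failures

def handler_last_wins(failures):
    """Affected behaviour: the handler only processes the last exception."""
    if not failures:
        return "AUTHENTICATED"
    if isinstance(failures[-1], PasswordExpiredException):
        return "PROMPT_PASSWORD_CHANGE"
    return "LOGIN_FAILED"

def handler_expiry_first(failures):
    """Assumed alternative: an expired password outranks later failures."""
    if not failures:
        return "AUTHENTICATED"
    if any(isinstance(e, PasswordExpiredException) for e in failures):
        return "PROMPT_PASSWORD_CHANGE"
    return "LOGIN_FAILED"

def outcome(vidm_enabled, handler):
    # vIDM disabled (the workaround) removes the OAuth2 step from the chain.
    steps = [pam_provider] + ([oauth2_filter] if vidm_enabled else [])
    return handler(run_chain(steps, "admin", "constructed-password"))

if __name__ == "__main__":
    print("vIDM on, affected handler:", outcome(True, handler_last_wins))
    print("vIDM off (workaround):    ", outcome(False, handler_last_wins))
    print("vIDM on, expiry-first:    ", outcome(True, handler_expiry_first))
```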