08-08-2012 09:42 AM
We have an SA4500 7.0r4 pending upgrade to 7.1r10. We have set Microsoft LDAP for authentication of our users so they get a notification 14 days out from pwd expiration and they connect using NC. Users can successfully change their password through the IVE but problem is that though AD password change works fine..the new credential to not cache to the local machine. This is needed as we have a sizable number of people who work from home always. Is their a particular solution that will allow my users to change their password via LDAP through the IVE and have the new credentials storied on the local machine?
Solved! Go to Solution.
08-09-2012 02:16 AM
This password is changed from SA to backend so the local machine will not be able to update the password.
The user once connected via NC can press ctrl + alt + del and then update the password on his local machine
08-09-2012 03:57 AM
My remotes are told to only change password once logged into PC and connected to NC. THen do a CTL ALT DEL to change and cache.
A trick in case the PWD is out of sync is to log PC with local account and "run as" IE to cache the network user account back to PC.
08-10-2012 02:01 AM
Hi, my users have this issue too. Sometimes they are running network connect, other times they are logging in from home machines with no domain affiliation. They get 'invalid login' in IE, then their accounts get locked after 3 times (standard AD password policy), then they claim that the helpdesk unlocks their account, they remove all installed Juniper products like host checker, and they are able to login fine... I didnt think there were any locally cached AD passwords within users personal machines??
08-10-2012 06:22 AM
You are correct there are no AD cached passwords on personal machines because personal owned computers are rarily allowed to connect to a company's AD domain. I did find the acceptable workaround however for my situation. Thanks for you input :-)
08-10-2012 06:25 AM
yes I discovered this last night in a document. However, I thought there might be a way to do this automatically without end user intervention through some configuration or policy setting through the juniper device itself but I guess that is not the case. Thanks for your input :-)
08-10-2012 06:29 AM
you mean to launch IE in run as administrator then sign in to vpn via NC and then do the password change?? Not sure I follow you. Can you explain in a little more detail please?