SSL VPN
Contributor
Wyle
Accepted Solution

Users cannot change password in IVE

Originally my SA-4000 was running 5.3 code and password management worked. Upgraded to 5.5 OS and the login banner for password expiration stopped working (among other things :smileymad: ) but users could still change their password under preferences.

In order to fix a network connect issue with 5.5, I upgraded to 6.1R2-1 (latest version). It seems to have restored my Password Expiration warning (still hasn't fixed my NC issue), but now it refuses to let the users change their password. So now when a user logs in and it says "Password Expired, you must change it" it won't let them. It just tells them "Could not change password".

I'm using LDAPS, the certs on my Auth servers are valid, and my CA is trusted by the IVE.

I'm not sure what else to do at this point.

Juniper Employee
Skywalker

Re: Users cannot change password in IVE

Hi Wyle,


Not sure if this is a bug in 6.1R2-1, but here is a URL that may help you troubleshoot this issue. If this doesn't help, you may want to contact the TAC and have them help debug your issue.

http://kb.juniper.net/kb/documents/public/IVE/SA-SM-Admin-Help/wwhelp/wwhimpl/common/html/wwhelp.htm?context=SA_Admin_Help&file=chapServers-22.html#wp1057353

Luke Skywalker
Sr. Jedi Knight
Contributor
Wyle

Re: Users cannot change password in IVE

Seems that the IVE OSes are full of bugs. Every time I have one, the solution from Juniper is always to upgrade to another version. Then, it might fix it (most of the time it doesn't), and it breaks something else. I've had a case open with JTAC over Network Connect issues for almost a year and have upgraded and rolled back over 5 times to try and fix it. Started when I went to 5.3 and hasn't been right since.

Currently I am at 6.0R5.

Message Edited by Wyle on 07-07-2008 04:33 PM
Visitor
TheDawg

Re: Users cannot change password in IVE

Had the same problem when we upgraded. I was told the account used to query the Active Directory domain needed to be a Domain Admin. Domain Admin rights are way too much. The account just needed to be a Domain User with the ability to reset passwords on the Domain. I hope this helps.
Visitor
AgentNate

Re: Users cannot change password in IVE

TheDawg is right. I originally opened a case on this issue and it went to engineering. Their fix was to use a domain admin account, but I was able to use a domain user account with password changing privileges.
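
The least-privilege setup TheDawg and AgentNate describe, as an added example that is not part of the original posts or Juniper's documentation: delegate only the Reset Password right to the LDAP bind account, then check that it holds no admin group membership. The domain name, OU and account name are assumptions.

```powershell
# Added example; EXAMPLE, the OU and svc-ive-ldap are assumed names, not from the thread.
Import-Module ActiveDirectory

$ou      = 'OU=VPN Users,DC=example,DC=com'   # assumed OU holding the VPN users
$account = 'svc-ive-ldap'                      # assumed bind account used by the auth server
$trustee = "EXAMPLE\$account"

# Grant only the "Reset Password" control-access right (CA), inherited by
# descendant user objects (/I:S), instead of adding the account to Domain Admins.
dsacls $ou /I:S /G "${trustee}:CA;Reset Password;user"
if ($LASTEXITCODE -ne 0) { throw "dsacls failed with exit code $LASTEXITCODE" }

# List the ACEs the bind account now holds on the OU so they can be reviewed.
dsacls $ou | Select-String -SimpleMatch $trustee

# Confirm the account is not a direct or nested member of privileged groups.
$privileged = 'Domain Admins', 'Administrators', 'Account Operators'
foreach ($group in $privileged) {
    $members = Get-ADGroupMember -Identity $group -Recursive
    if ($members.SamAccountName -contains $account) {
        Write-Warning "$account is still a member of '$group'; remove it."
    }
}
```
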
Contributor
Wyle

Re: Users cannot change password in IVE

Gentlemen, thanks for the info. I've always used the Administrator for the domain. It was set up like that by my predecessor.

I even tried other accounts, domain admins, users etc. No joy.

It worked in 5.5. Config didn't change between upgrades.

Contributor
Wyle

Re: Users cannot change password in IVE

This has been fixed.

Basically in the auth server it had SamAccountname=<USERNAME> for authentication and 6.0R5 doesn't like that.

JTAC had me change it to SamAccountname=<USER> and voila! Problem fixed.
