SSL VPN
Reply
Visitor
ogre12
Posts: 6
Registered: ‎08-02-2012
0
Accepted Solution

new credentials not cached to the local machine.

We have an SA4500 7.0r4 pending upgrade to 7.1r10. We have set Microsoft LDAP for authentication of our users so they get a notification 14 days out from pwd expiration and they connect using NC. Users can successfully change their password through the IVE but problem is that though AD password change works fine..the new credential to not cache to the local machine. This is needed as we have a sizable number of people who work from home always. Is their a particular solution that will allow my users to change their password via LDAP through the IVE and have the new credentials storied on the local machine?

Recognized Expert
jayLaiz
Posts: 416
Registered: ‎11-25-2009
0

Re: new credentials not cached to the local machine.

Hi,


This password is changed from SA to backend so the local machine will not be able to update the password.

 

The user once connected via NC can press ctrl + alt + del and then update the password on his local machine

 

Regards,

Jay

Contributor
RexPGP
Posts: 145
Registered: ‎05-04-2009
0

Re: new credentials not cached to the local machine.

My remotes are told to only change password once logged into PC and connected to NC. THen do a CTL ALT DEL to change and cache.

 

A trick in case the PWD is out of sync is to log PC with local account and "run as" IE to cache the network user account back to PC.

Trusted Contributor
NatashaW
Posts: 51
Registered: ‎06-13-2012
0

Re: new credentials not cached to the local machine.

Hi, my users have this issue too. Sometimes they are running network connect, other times they are logging in from home machines with no domain affiliation. They get 'invalid login' in IE, then their accounts get locked after 3 times (standard AD password policy), then they claim that the helpdesk unlocks their account, they remove all installed Juniper products like host checker, and they are able to login fine... I didnt think there were any locally cached AD passwords within users personal machines??

 

Natasha

Visitor
ogre12
Posts: 6
Registered: ‎08-02-2012
0

Re: new credentials not cached to the local machine.

You are correct there are no AD cached passwords on personal machines because personal owned computers are rarily allowed to connect to a company's AD domain. I did find the acceptable workaround however for my situation. Thanks for you input :-)

Visitor
ogre12
Posts: 6
Registered: ‎08-02-2012
0

Re: new credentials not cached to the local machine.

yes I discovered this last night in a document. However, I thought there might be a way to do this automatically without end user intervention through some configuration or policy setting through the juniper device itself but I guess that is not the case. Thanks for your input :-)

Visitor
ogre12
Posts: 6
Registered: ‎08-02-2012
0

Re: new credentials not cached to the local machine.

you mean to launch IE in run as administrator then sign in to vpn via NC and then do the password change?? Not sure I follow you. Can you explain in a little more detail please?

Trusted Contributor
NatashaW
Posts: 51
Registered: ‎06-13-2012
0

Re: new credentials not cached to the local machine.

Thanks for confirming that nothing is cached locally. Will the 'run IE as admin' fix work if the user is not running network connect?

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.