ArubaOS and Controllers

Reply
Occasional Contributor II
Posts: 18
Registered: ‎04-13-2009

MS change password message not showed up

I have the following scenario:

MS AD user database server, an IAS and 802.1x EAP/PEAP Aruba OS 3.3.2.11 and XP SP2 clients.

Problem: For security reason user password is configured in AD to be changed every 2 months but the user never receive the message before the dead line and of course he can not signed in after the expiration time and he has to request the password be changed manually in AD and even in the AD is set the "user must change the password at next logon" option, the message to do that never appears either. And you can imagine that the final user is not happy due to other person knows his password even the AD administrator.

Any suggestions to pinpoint this issue will be appreciated. Thanks
Guru Elite
Posts: 20,584
Registered: ‎03-29-2007

Machine Authentication

Are you doing "Machine Authentication"? http://articles.techrepublic.com.com/5100-10878_11-6148579.html


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 18
Registered: ‎04-13-2009

Re: MS change password message not showed up

No, we are not using Machine Authentication just User Authentication.
Guru Elite
Posts: 20,584
Registered: ‎03-29-2007

Machine Authentication

I think that message only shows up when a user logs into the computer, gets a logon script, etc. If you are not doing machine authentication, your users are just using cached credentials, is why they don't see the change password message. They probably are not getting logon scripts, either.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎08-07-2007

Re: MS change password message not showed up

i believe that you will need to allow the machines to authenticate also.
This will most likely be as a result of your radius server policy, and ensuring that authenticate as machine when available is selected on client.
Allowing the machine to authenticate then allows log on scripts and AD GPO to be pushed to the client - which will also allow password change to be conducted
Occasional Contributor II
Posts: 23
Registered: ‎01-23-2009

Re: MS change password message not showed up

This has to do with your RADIUS server.

Read this thread:
http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind0507&L=WIRELESS-LAN&P=R2733&D=0&I=-3
and others in that listserv to get some background.

Frank
Occasional Contributor II
Posts: 18
Registered: ‎04-13-2009

Re: MS change password message not showed up

Thanks to all of you. In a lab environment we reproduced the problem and we change the IAS config to authenticate computers and also we install a CA in order to fix the problem:)
Search Airheads
Showing results for 
Search instead for 
Did you mean: