CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 7/14, 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > SecureClient/SecuRemote
Reload this Page AD Password Change
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2008-04-23
veste veste is offline
Junior Member
  
Join Date: 2006-06-14
Location: AT
Posts: 18
Rep Power: 0
veste has an average reputation (10+)
Default AD Password Change
Hello Experts!

We use secureclient and securemote (R60-hfa02, win-xp clients) with radius-authentication towards our active directory (IAS on W2K) and it works well.

We have one problem : if a password is about to expire, the SR/SC asks to change the password. When the user does so, the domain-pw is changed, but only on the DC. The old password is cached on the client side, so there's a mixture old pw - new pw -- very confusing for the users!

Is it possible to disable this behaviour in secureclient/securemote (no pw-change)?


regards,
stefan
Reply With Quote
  #2 (permalink)  
Old 2008-04-25
chillyjim chillyjim is offline
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,598
Rep Power: 4
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: AD Password Change
Are you using SDL? If you do, then the client will have a connection to the DC and will receive the new password. Otherwise all bets are off as to when the client decides to update the cached credentials.
Reply With Quote
  #3 (permalink)  
Old 2008-04-25
ppawlo ppawlo is offline
Member
  
Join Date: 2007-02-17
Posts: 42
Rep Power: 0
ppawlo has an average reputation (10+)
Default Re: AD Password Change
Quote:
Originally Posted by veste View Post
Hello Experts!

We use secureclient and securemote (R60-hfa02, win-xp clients) with radius-authentication towards our active directory (IAS on W2K) and it works well.

We have one problem : if a password is about to expire, the SR/SC asks to change the password. When the user does so, the domain-pw is changed, but only on the DC. The old password is cached on the client side, so there's a mixture old pw - new pw -- very confusing for the users!

Is it possible to disable this behaviour in secureclient/securemote (no pw-change)?


regards,
stefan
Do you have SP2 for Windows XP?
I think after that you should put (ctrl+alt+del) block computer, and unblock. Then the system should know new password.

Pawel
Reply With Quote
  #4 (permalink)  
Old 2008-04-27
chillyjim chillyjim is offline
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,598
Rep Power: 4
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: AD Password Change
The whole process is documented here http://www.cpug.org/check_point_reso...0FW-1%20NG.zip

It's a little dated but you will get the idea.
Reply With Quote
  #5 (permalink)  
Old 2008-04-29
veste veste is offline
Junior Member
  
Join Date: 2006-06-14
Location: AT
Posts: 18
Rep Power: 0
veste has an average reputation (10+)
Default Re: AD Password Change
Quote:
Originally Posted by ppawlo View Post
Do you have SP2 for Windows XP?
I think after that you should put (ctrl+alt+del) block computer, and unblock. Then the system should know new password.

Pawel
Quote:
Originally Posted by chillyjim View Post
Are you using SDL? If you do, then the client will have a connection to the DC and will receive the new password. Otherwise all bets are off as to when the client decides to update the cached credentials.
No i don't use SDL and yes XP-SP2 is installed on all clients!
I read all the documents. I don't use smart directory as we only have an "express"-license, so they don't match exactly our environment.

I've quick-tried the (ctrl+alt+del)-trick and it seems to work - more a workaround than a solution, but for now better than nothing.


regards,
stefan
Reply With Quote
  #6 (permalink)  
Old 2008-05-02
chillyjim chillyjim is offline
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,598
Rep Power: 4
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: AD Password Change
Enable SDL then the passwords will stay in sync as the connection to the DC will be up before you change your password.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 01:27.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0