View Full Version : Connectra A/D Password Remediation



raggy
2010-11-30, 06:02
Hi All

I'm struggling to get password remediation working with Connectra.
SSL is working. Active Directory users can log in.
When a password is about to expire we get the notification and the option to change it, however it will not let us change it.
Windows logs show a successful login so I'm stumped!
Any ideas where to start looking?

Many Thanks

ShadowPeak.com
2010-11-30, 11:50
I'm assuming your Connectra is centrally managed from a SmartCenter. Almost all LDAP integrations I've seen are read-only, and I've seen the password remediation process fail due to a lack of write permission.

On your Account Unit object in SmartDashboard, make sure that "write data to this server" is checked on all LDAP servers defined for that AU. Also verify the permissions on the Login DN account specified; it will need to have write permission allowed on your LDAP server. To isolate whether it is a Login DN permissions issue try temporarily using the Administrator account, reinstall policy to the security gateway, and attempt a password remediation.

EJSTL
2010-12-01, 19:14
Not trying to hijack the thread just sharing some experience here;

I'm having a similar problem though I'm confident it's not a permission issue. I have read/write enabled on the AU and am running over SSL. I have even run the update_schema script to extend the schema on my DC.

I can authenticate AD users and browse the tree so I know that's all working fine, just the remediation is still not working. The end user gets an error back saying "Failed to modify password, LDAP error" (a tracker log with the same message is generated as well).

Blast
2011-08-03, 04:26
Hi,

I don't know if your problem still exists but I've found a solution in my environment.
The problem was the permissions of the user used in the Account Unit. He needs the reset password privilege on user accounts in LDAP.
Of course, SSL Encryption is also needed as mentioned above.

I hope it helps
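
The two causes raised in this thread (bind account rights and SSL), as an added example that is not part of any post and is not Check Point code. It assumes the gateway performs the change as an LDAP modify of the AD unicodePwd attribute using the Login DN account, which the thread implies but does not confirm; the function names are hypothetical and the result-code notes reflect commonly reported Active Directory behaviour.

```python
# Added example: what an AD password write looks like at the LDAP level,
# which delegated right each form needs, and a first-pass diagnosis.

# Control access right GUIDs defined in the Active Directory schema.
RESET_PASSWORD_RIGHT = "00299570-246d-11d0-a768-00aa006e0529"   # Reset Password
CHANGE_PASSWORD_RIGHT = "ab721a53-1e2f-11d0-9819-00aa0040529b"  # Change Password


def encode_unicode_pwd(password: str) -> bytes:
    """AD expects unicodePwd as the password in double quotes, UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def build_modify(new_password, old_password=None):
    """Return (modify operations, right required on the user object).

    A single 'replace' is an administrative reset done by the bind account.
    A 'delete' of the old value plus an 'add' of the new one is a user change.
    """
    if old_password is None:
        ops = [("replace", "unicodePwd", encode_unicode_pwd(new_password))]
        return ops, RESET_PASSWORD_RIGHT
    ops = [("delete", "unicodePwd", encode_unicode_pwd(old_password)),
           ("add", "unicodePwd", encode_unicode_pwd(new_password))]
    return ops, CHANGE_PASSWORD_RIGHT


# Commonly reported meanings of LDAP result codes for a unicodePwd modify.
LDAP_CAUSES = {
    19: "constraintViolation: password policy rejection or wrong old password",
    50: "insufficientAccessRights: bind account lacks the right on the user",
    53: "unwillingToPerform: unencrypted connection or password rejected",
}


def diagnose(result_code: int, encrypted: bool) -> str:
    """Map a failed modify to the first thing to check."""
    if not encrypted:
        return "connection not encrypted: enable SSL to the LDAP server first"
    return LDAP_CAUSES.get(result_code,
                           f"LDAP result {result_code}: check the DC event log")


if __name__ == "__main__":
    ops, right = build_modify("N3w-Passw0rd!")        # constructed sample value
    print(ops[0][0], right, diagnose(50, encrypted=True))
```

If the generic "LDAP error" in the tracker log hides the result code, the same modify attempted with the Login DN account from a standard LDAP client will show it.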