AD Password management -good doc?

imanenvoy
Contributor

It's my understanding that in order for IVE to handle password expiration you have to query AD as an LDAP authentication source because the samba (regular AD authentication source) doesn't support password expiration. Is that correct?

Also, NPS won't handle password expiration either, correct?

Does anyone have any good docs/how-tos on how to set up IVE and AD to support password management? I've seen conflicting information on in-house and public certs, where they're installed (IVE or AD), etc.

So if anyone has a step-by-step that would be a huge help.

Thanks for the time.

7 REPLIES

zanyterp
Respected Contributor

Re: AD Password management -good doc?


@imanenvoy wrote:

It's my understanding that in order for IVE to handle password expiration you have to query AD as an LDAP authentication source because the samba (regular AD authentication source) doesn't support password expiration. Is that correct?


No, that is not correct. A good place for this information is the admin guide.

The AD/NT auth server instance supports password management. What is NOT supported is password expiration notification or any other password notification messages.

RexPGP
Frequent Contributor

Re: AD Password management -good doc?

Port 389 using LDAP and Active Directory

imanenvoy
Contributor

Re: AD Password management -good doc?

Sorry, let me rephrase. Users can change their passwords but don't get any password message or notification or prompt that their password has or is going to expire. On the day their password expires, if they log in they won't get prompted for a new password. Correct?

zanyterp
Respected Contributor

Re: AD Password management -good doc?

Yes, other than on the day of expiration, that is correct. Those messages and behavior are available _only_ through the LDAP server type (which communicates with your AD server). On the day the password expires, they should see a message that the password has expired and needs to be changed and the change done.

Anilkumar
Not applicable

Re: AD Password management -good doc?

Hi,

Here is your solution

http://www.lepide.com/active-directory-self-service.html

Try the trial version first.

fduranti
Occasional Contributor

Re: AD Password management -good doc?

I'm a bit confused... checking on the Admin Guide it seems that AD and NT Domain authentication can manage the password about to expire (warning as long as 14 days before the password expires). Am I wrong on this? It's on pages 163-165 of the SA Admin Guide.

zanyterp
Respected Contributor

Re: AD Password management -good doc?

That is when you are using the LDAP server type talking to an AD server on the backend. It is in the section regarding LDAP password management and notes about specific policies applicable to the specific LDAP servers the IVE can communicate with (e.g. AD). The table on pages 164-165 (using the 7.1R1 admin guide) shows what you can get with the AD/NT server type.