For years, we've allowed users to change their AD passwords within the VPN. However, when Active Directory sends out the standard 14-day notification that your password is going to expire, it doesn't pass through the VPN to the end user. The account simply locks out and they perceive some sort of problem with the VPN when what really happened is their AD passwords expired. Is there a release that will pass Active Directory notifications down to the VPN client? It would be most helpful for our remote staff, which has grown 200% since the economy tanked.
Thanks.
You must use secure LDAP to enable password change, and I believe this is an additional license. I have it set up on my 4000, but I did it so long ago I can't really give you a step-by-step. I recall installing certificate services and uploading a cert from the DC into the SA, but it's very vague. Check the KB.
http://support.microsoft.com/kb/321051 (uses a public cert, but I think you can use your Certificate Services installation to do the same.)
Check out ...
http://kb.pulsesecure.net/KB7896
And bear in mind, in the solution where it says 'Config as an LDAP server' it should probably say 'Config as an LDAPS server' since ...
"When changing passwords in Active Directory using LDAP, the IVE automatically switches to LDAPS, even if LDAPS is not the configured LDAP method. To support LDAPS on the Active Directory server, you must install a valid SSL certificate into the server’s personal certificate store" (sorry - can't find an easy link to that, but it's hidden in the online help and I assume, the admin guide somewhere)
That's correct. LDAPS has to be used. It's kind of a gotcha. We have it set up on an SA 4000 with build number 5.5 r2.1 and it doesn't work - doesn't prompt when password is soon to expire.
We have to upgrade to make it work. (surprise). We have another set up of SA 4000s in test and it works fine with the latest build number - 6.2 etc. Hardest thing to set up was the LDAP query...
Also, don't forget to enable preferences on the UI for the users as it gives the users the flexibility to change their own password if necessary (if you haven't already).
If you are using Windows Server, install Certificate Authority Services on the domain controller. This will allow for LDAPS to be used against the DC.
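
Added example, not part of any post in this thread: a PowerShell check that a domain controller actually answers on LDAPS (TCP 636) and that the certificate it presents is usable, which is the prerequisite the replies above describe for password change through the SA. The host name `dc01.example.com` is a placeholder, and name and trust validation are evaluated by the machine running the script, so run it from a host that trusts the same CA as the LDAPS client.

```powershell
# Added example: inspect the certificate a DC presents on LDAPS (TCP 636).
# 'dc01.example.com' is a placeholder; pass your DC's FQDN.
param(
    [string]$DcFqdn = 'dc01.example.com',
    [int]$Port = 636
)

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$script:policyErrors = $null

$client = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $client.Connect($DcFqdn, $Port)

    # Diagnostic only: let the handshake finish even when validation fails,
    # so the errors can be reported. No LDAP data is sent on this stream.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $c, $ch, $errors)
        $script:policyErrors = $errors
        $true
    }
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($DcFqdn)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

    # Collect the EKU OIDs; a certificate used for LDAPS needs Server Authentication.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })

    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
        DaysLeft      = [int]($cert.NotAfter - (Get-Date)).TotalDays
        ServerAuthEku = ($ekuOids -contains $serverAuthOid)
        # 'None' means the name matched $DcFqdn and the chain is trusted on this host.
        PolicyErrors  = $script:policyErrors
    }
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $client.Close()
}
```

A connection failure on port 636 means the DC has no usable certificate for LDAPS at all; `PolicyErrors` other than `None`, a missing Server Authentication EKU, or a low `DaysLeft` point to a certificate that is present but will not validate.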