Changing passwords in a PEAP environment

Similar Messages

• ISE 1.1 'Change password on next logon' fails on iPhone / iPad

  Hello -
  We're in the process of implementing an ISE 1.1 server for Guest Wireless Access / BYOD at our company and ran into an issue with authenticating from iPhones / iPads when the account is set with 'change password on next logon' (it's a local account created on the ISE server - not AD). It fails and displays 'unable to join network' on the iPhone. The ISE log shows a '5411: No response received in 120 seconds'. We're able to authenticate from Windows devices and are prompted to change the password during the authentication process. Has anyone else encountered this? If we uncheck the 'change password' box we can authenticate from iPhones & iPads without any issue but we need to have a way for users to set their own password.
  Thanks!
  Bill

  Hi,
  I am encountering the exact same issue in our lab environment, but with AD accounts (We would like customers to be able and connect to the dot1x network with their AD credentials, and based on machine authentication they will or will not get restricted access).
  Just to be clear: the change password functionality works perfect on laptops, but on ipad/android we just cannot connect to the dot1x (PEAP) network when the "change password on next login" checkbox is on.
  Anyone else who can shed some light on this?
  Thanks
  Tom

• ISE and AD.. Users Cant login with domain credentials after changing password

  Hello guys,
  I have ISE 1.2 running in a live environment. I have a problem that users cant login after password has expired and changed. i have enabled password change under AD settings and have also checked the allow password change in the allowed protocols settings for PEAP with retries set to 3. 
  thanks for any help i can get in resolving this issue.

  You have the option to allow guests to change password in the portal settings?

• WebEx Connect Password reset - in SSO environment

  Hi,
  Anybody knows how to recover from a lost password in a SSO environment?
  Either SSO not working, or having lost static admin user.
  When trying the standard password recovery link, got error message:
  Your password is same as your enterprise Single Sign-On password. Please contact your administrator to reset your single sign-on password.

  Then I get forwarded to AOL again. On that website, it seems that I could change the password, and it seems to work. However, when I try to use that password in the WebEx Connect client after that, it still doesn't work.

• Why do we get First operand...error message when trying to change password

  Hi
  I'm new at posting here, so sorry if I'm doing this wrong. I did search first to see if there was info on this already, but I didn't find anything. (If there is already something out there, please point me to it.)
  We are using PeopleSoft Financials 8.8 SP1.
  We have basic workflow enabled in expenses which generates an email to an approver with a link into PS Expenses (right to their worklist area) when they have an expense report to review. When the user clicks the link they are directed to the PS sign on page. Normally they can sign on without any problems. However, if their password has expried they will be redirected to a page which says "Your password has expired. Click here to change your password." When they click the link they recieve a blank page with an error message that starts out as "First operand of. is NULL, ".
  I cannot replicate it in our test environments.
  I have confirmed that we have the PSWDEXPR permission list in our environment.
  I have also confirmed that our template for Change Expired Password is correct (PeopleTools > Portal, Structure & Content > Folder, "Tools - Hidden" > Change Expired Password > Template is PRTL_TEMPLATE_PASSWORD_EXP)
  I have also tried changing our brower cache to 0. (PeopleTools >Personalization >Personalization Options > Option Category Level = PeopleTools, Format tab, User Option of METAXP. I changed METAXP to 0 instead of 900 which was set by default).
  The odd thing is that if the user waits one day, they can use the link in the expense workflow email and change their password no problem.
  Also, when our users do experience this problem, if they log into PeopleSoft without using the link from the expense workflow email the change password function works fine.
  The link seems to be okay since it works fine at all times unless the user is prompted to change their password.
  Any suggestions?

  Try the troubleshooting tips here:
  http://www.infosemantics.com.au/adobe-captivate-troubleshooting/basic-troubleshooting-tech niques
  You may have something in your project on one of the slides that is tripping up the publishing process.

• Jython having issue importing weblogic modules for changing passwords

  I am trying to import some WLST modules into a Jython script as outline in the documentation at http://e-docs.bea.com/wls/docs92/config_scripting/config_WLS.html#wp1019971
  The strange thing is that it says it is a WLST script, but it appears to be a Jython script. I tried performing this import using WLST interactive mode, but this did not work.
  I am passing the passwords as encrypted strings while using the encrypt() function
  Here is the script:
  import sys
  from weblogic.management.security.authentication import UserPasswordEditorMBean
  #To be invoked by java -cp /usr/local/bea/wlserver_10.0/common/lib/jython.jar org.python.util.jython
  #usage: wlst.sh ResetWLPassword.py <current_pass> <user> <new_pass> <adminServerURL>
  #{3DES}/asdfadsf== -
  #{3DES}asdfafdsadsf== -
  myPass = sys.argv[1]
  myUser = sys.argv[2]
  newPass = sys.argv[3]
  adminServerURL = sys.argv[4]
  #Connect
  try:
  connect('weblogic',myPass,adminServerURL)
  except:
  print "Could not connect using supplied credentials"
  dumpStack()
  try:
  print "Changing password ..."
  atnr=cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
  atnr.changeUserPassword(myUser,myuser,newPass)
  print "Changed password successfully"
  except:
  print "Password change failed"
  dumpStack()
  I am receiving the following error message:
  java -cp /usr/local/bea/wlserver_10.0/common/lib/jython.jar org.python.util.jython /tmp/ResetWLPassword.py "{3DES}/adsfadsfadsf==" weblogic "{3DES}asdfadsfasd== " t3://localhost:7003
  sys-package-mgr: can't create package cache dir, '/usr/local/bea/wlserver_10.0/common/lib/cachedir/packages'
  Traceback (innermost last):
  File "/tmp/ResetWLPassword.py", line 2, in ?
  ImportError: No module named management

  blumo wrote:
  You are calling org.python.util.jython again instead of weblogic.WLST like I advised in my first post. Invoke WLST (not jython) and pass your values in cleartext. Like I said in my previous post, I was able to execute your script without issue when calling WLST and passing cleartext values (I did have to modify one line to due a bug in your script -- see my prior posts).This seems to work in terms of getting the code to run, but there is still a problem with passing the arguments to the changeUserPassword() method.
  I entered the sequence of commands in the script manually into WLST and it works without issue. It even works without the import, which is strange that Oracle includes it in their documentation.
  I am going to post the code here, perhaps there is something wrong syntax-wise with the way I am authenticating, but I can't put my finger on it.
  import sys
  from weblogic.management.security.authentication import UserPasswordEditorMBean
  myPass = sys.argv[1]
  myUser = sys.argv[2]
  newPass = sys.argv[3]
  adminServerURL = sys.argv[4]
  #Connect
  try:
  connect(myUser,myPass,adminServerURL)
  except:
  print "Could not connect using supplied credentials"
  dumpStack()
  try:
  print "Changing password ..."
  atnr=cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
  #atnr.changeUserPassword('weblogic','weblogic','12345678')
  atnr.changeUserPassword(myUser,myPass,newPass)
  print "Changed password successfully"
  except:
  print "Password change failed"
  dumpStack()
  throws:
  Connecting to t3://localhost:7003 with userid weblogic ...
  This Exception occurred at Mon Feb 23 11:50:18 PST 2009.
  javax.naming.AuthenticationException [Root exception is java.lang.SecurityException: User: weblogic, failed to be authenticated.]
       at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:42)
       at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773)
       at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:670)
       at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:466)
       at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:373)
       at weblogic.jndi.Environment.getContext(Environment.java:307)
       at weblogic.jndi.Environment.getContext(Environment.java:277)
       at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
       at javax.naming.InitialContext.init(InitialContext.java:223)
       at javax.naming.InitialContext.<init>(InitialContext.java:197)
       at weblogic.management.scripting.WLSTHelper.populateInitialContext(WLSTHelper.java:498)
       at weblogic.management.scripting.WLSTHelper.initDeprecatedConnection(WLSTHelper.java:551)
       at weblogic.management.scripting.WLSTHelper.initConnections(WLSTHelper.java:303)
       at weblogic.management.scripting.WLSTHelper.connect(WLSTHelper.java:201)
       at weblogic.management.scripting.WLScriptContext.connect(WLScriptContext.java:60)
       at weblogic.management.scripting.utils.WLSTUtil.initializeOnlineWLST(WLSTUtil.java:121)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:160)
       at org.python.core.PyMethod.__call__(PyMethod.java:96)
       at org.python.core.PyObject.__call__(PyObject.java:248)
       at org.python.core.PyObject.invoke(PyObject.java:2016)
       at org.python.pycode._pyx6.connect$1(<iostream>:16)
       at org.python.pycode._pyx6.call_function(<iostream>)
       at org.python.core.PyTableCode.call(PyTableCode.java:208)
       at org.python.core.PyTableCode.call(PyTableCode.java:404)
       at org.python.core.PyTableCode.call(PyTableCode.java:287)
       at org.python.core.PyFunction.__call__(PyFunction.java:179)
       at org.python.pycode._pyx18.f$0(/tmp/ResetWLPassword.py:20)
       at org.python.pycode._pyx18.call_function(/tmp/ResetWLPassword.py)
       at org.python.core.PyTableCode.call(PyTableCode.java:208)
       at org.python.core.PyCode.call(PyCode.java:14)
       at org.python.core.Py.runCode(Py.java:1135)
       at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:167)
       at weblogic.management.scripting.WLST.main(WLST.java:106)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at weblogic.WLST.main(WLST.java:29)
  Caused by: java.lang.SecurityException: User: weblogic, failed to be authenticated.
       at weblogic.common.internal.RMIBootServiceImpl.authenticate(RMIBootServiceImpl.java:116)
       at weblogic.common.internal.RMIBootServiceImpl_WLSkel.invoke(Unknown Source)
       at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
       at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:479)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:475)
       at weblogic.rmi.internal.BasicServerRef.access$300(BasicServerRef.java:59)
       at weblogic.rmi.internal.BasicServerRef$BasicExecuteRequest.run(BasicServerRef.java:1016)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
  Could not connect using supplied credentials
  Changing password ...
  Password change failed

• Change Password in SAP BI Portel.

  Hello  All,
  Can anyone tell me how to Costomize the portel PAR File for setting a Tab(Change Password) for changing or resetting password.
  We have BI  NW 7.0 Portel with UME(user management environment) in ABAP.
  Thank you in Advence.
  Regards,
  Nisha Jagtap.

  Hi Eriki,
  My problem is related to the WEB application server (WAS), not the Netweaver Portal.
  BR
  Kent

• How to preserve recently changed passwords during a RPD promotion/overwrite

  Hi All,
  1. We are using BIEE built-in authentication (passwords are stored in RPD file);
  2. Users are allowed to change their passwords at any time;
  3. Other than PD, we also have a DEV and a QA environements where we fix bugs and do minor enhancements;
  the questions is: How can we promote the new RPD file (from QA to PD environment) once it passes testing? If we simply overwrite the RPD file in PD environment, then recently changed passwords (the ones changed & stored in the new RPD file) will be lost. it seems we need to do a merge or something, but we wonder what the Oracle recommended solution is.
  It'd be greatly appreciated if some expert can shine some light on this issue. Thanks!!
  - D

  Yes, great questions.
  I have always used the merge process which is the base of the Obiee software configuration and I never had problem of security.
  As the multi-user environment is based on this process, you normally shouldn't have any problem.
  Do a test before and good backup before migration.
  Success
  Nico
  Below an extract of my notes :
  By default, the Oracle BI repository development environment is not set up for multiple users. However, online editing makes it possible for multiple developers to work simultaneously, though this may not be an efficient methodology, and can result in conflicts, because developers can potentially overwrite each other's work.
  To develop a repository in a concurrent version environment, you have two choices :
  * first of all, you can send the repository to the developer, keep a copy, retrieve it after modification and perform an Merge Repository
  http://gerardnico.com/wiki/dat/obiee/bi_server/obiee_repository_merge
  * second, you can set up a multiuser environment (MUD) which use the notion of Projects to split the work area. It would permit developers to modify a repository simultaneously and then check in changes.
  http://gerardnico.com/wiki/dat/obiee/bi_server/multiuser_environment
  The import option which permit to import a subset of a repository to an other repository, work but is deprecated.

• OIM AD Integration - 'User must change password at next logon'

  Hi,
  These are the issues in OIM AD integration that we are stuck up on:
  Issue:
  1. When OIM Admin resets the password for User1 in OIM, the password is propagated to AD but the ‘User must change password at next logon’ attribute is not updated in AD. As a result, if the User1 logs into AD account (i.e. computer), there is no prompt to change the password.
  2. When AD Admin resets the password for User1 in AD and checks the ‘User must change password at next logon’ flag, the password is propagated to OIM but the ‘obpasswordchangeflag’ attribute (of oblixPersonPwdPolicy class) is not updated in OID. As a result, if the User1 logs into OIM account, there is no prompt to change the password.
  Research:
  1. For case 1 above: When OIM Admin resets the password for User1, the ‘User must change password at next logon’ attribute on the AD process form itself is not getting updated. So the AD Connector doesn’t propagate the attribute to AD.
  2. For case 2 above: When the AD Admin resets the password for User1 in AD, the AD Password Sync connector only sends the password to OIM and not other attribute. So, there is no way to fetch the ‘User must change password at next logon’ attribute and then copy it into ‘obpasswordchangeflag’ attribute in OID.
  Environment Details:
  1. OIM-OAM-OAAM 11.1.1.5 BP02 integrated using OVD-OID 11.1.1.5
  2. AD on WIN 2008 R2.
  3. OIM AD Connector 9.1.1.7.2
  4. AD Password Sync Connector 9.1.1.5
  Any help would be highly appreciated!
  Thanks,
  Kulesh...

  Thanks for your reply again.
  I did not get you completely here. Can you please elaborate on the "process task on the AD Process which passes along the USR_PWD_MUST_CHANGE and immediately sets it to 0 this should work". How many total additional tasks would be needed here?
  what all targets are you provisioning the password to?
  - AD and OID (through LDAPSYNC)
  where are end users allowed to change their passwords on (OIM,AD....??)
  - Both OIM and AD.
  Where can admins change the passwords?
  - Currently they use ARS for such purposes but this is something we need to clearly define. The thing is, they use ARS for whole lot of purposes and we can't dictate/restrict them to use OIM only for password resets. So they may use ARS or OIM.
  What do you suggest?
  Edited by: Kulesh Kane on Nov 8, 2012 11:43 AM

• Changing passwords of oracle users

  Dear all
  I wander is there any problem if changing password of oracle users SAPOWNER, system,sys . (I guess command for that is brconnect -u system/<password> -f chpass -o <sapowner> -p <password>
  ). What about sys and system. (I hope that after changing passwords the system will be functional)
  Which user is used when "sqlplus / as sysdba"
  thank you in advance

  Hello Jan,
  I wander is there any problem if changing password of oracle users SAPOWNER, system,sys
  Well we already discussed the SAPOWNER here: http://forums.sdn.sap.com/message.jspa?messageID=10814500#10814500
  If you change the password of SYSTEM or SYS there will be no problem at all. These users/password combination is not used in a SAP environment unless you explicitly specify the SYSTEM user and password in some BR*Tools calls like brconnect. If you just use the "/" default approach, the OS authentication mechanism (OSDBA) is used - so no issue there at all.
  @Orkun:
  This is not a user, but a role. So when you connect to the database by using "/as sysdba" you will be able to connect to the system by sysdba role not by a user.
  If you use this apporach you are connected with the user SYS - so you are using a user for sure (and btw. you can only logon with SYS by using SYSDBA role). The only difference between "sqlplus / as sysdba" and "sqlplus SYS as sysdba" is, that you are using the specified OSDBA group with the first approach (so no password is required).
  shell> pwd
  /oracle/<SID>/11202/rdbms/lib
  shell> grep dba config.s
  #  SS_DBA_GRP defines the UNIX group ID for sqldba adminstrative access.
          .rename H.16.ss_dba_grp{TC},"ss_dba_grp"
          .globl  ss_dba_grp{RW}
  T.16.ss_dba_grp:
          .tc     H.16.ss_dba_grp{TC},ss_dba_grp{RW}
          .csect  ss_dba_grp{RW}, 3
  # End   csect   ss_dba_grp{RW}
          .string "dba"
  shell> sqlplus / as sysdba
  SQL> SELECT sys_context('USERENV', 'SESSION_USER') FROM DUAL;
  SYS_CONTEXT('USERENV','SESSION_USER')
  SYS
  shell> sqlplus SYS as SYSDBA
  Enter password:
  SQL> SELECT sys_context('USERENV', 'SESSION_USER') FROM DUAL;
  SYS_CONTEXT('USERENV','SESSION_USER')
  SYS
  Regards
  Stefan

• Changed Password Not working after restart[What to do]

  Recently I've changed my password, but it's not working after restart.
  I've noticed that, input option is not taking one of the password characters which is '!'.
  I've the recovery disks, system accepts my fingerprint too.
  Any help will be highly appreciated.
  Thanks.

  Hello,
  Let me explain you what happened.
  One evening I was trying to open my ThinkPad. Usually it asks for
  fingerprint or password(I'm not sure which password, power-on/hard
  drive). But this time I failed using my finger. and I tried with
  password, but could not recall.
  Then I restart and again tried with finger, this time it worked. Now
  after login in Windows XP I removed all old fingerprints and create
  few new. When I create new, it was asking for password, or new
  password to replace. As I could not recall the pass, I've given new
  password to replace.
  Now to check I gave a restart. Fingerprint accepted for Power-on but
  also asking for password again(Now I can see it's for Hard Drive). I
  tried with new password. But it's not working. And even not taking one
  character ('!') of the password.
  Now can you tell me, if I did change password for Hard Drive in the
  last description. Or is that possible to change it from Windows XP
  environment. Else it's possible that the Hard Drive password remain as
  it was which has been set from ThinkVantage before OS boot. Let me
  know if you've any query which I've missed.
  Thanks.

• Exchange 2013 OWA user must change password at next logon not working

  Hi,
  I have installed Exchange 2013 on Windows 2012 Server. I create users in ECP and select "user must change password at next logon" option. When newly created user logs in, the OWA page doesn't prompt for password change and just throws error "The
  user name or password you entered isn't correct. Try entering it again"
  I have enabled Change Password feature in CAS server, but still not working.
  Any answers, suggestions would be great help
  Regards
  Sunil

  Hi Sunil,
  Have you tried as Martina said and does it work?
  If not, please try to set the Minimum Password Age to 1 according to link below. I found some threads which are similar to yours and were solved by this way in Exchange 2013 environment.
  http://support.microsoft.com/kb/827614
  And for further troubleshooting, please create a new user with "user must change password at next logon" option checked and see if he can log on domain-joined PC.
  In addition, please check the event log to see if there is any related error message.
  Regards,
  Rebecca

• If someone has wiped my ipad and changed passwords on icloud how do i get my data back

  if someone has wiped my ipad and changed passwords on icloud how do i get my data back? please could someone help me out thanks

  How did they wipe it?  By using Find My iPad and performing a wipe?  If so, that means they have your icloud ID and password, not a good thing.
  You could try connecting it to iTunes and performing a restore from iCloud.  But if they changed password, then you are out of the loop.  How did they get your password in order to change it?

• How to Enforce User Change Password First Time User in Release 2?

  Hi...
  We discovered in Oracle Directory Manager(in unix is oidadmin), there actualy
  column to expiry date.(the default is 60).
  We follow this notes in metalink..
  Note:176470.1 Subject: How To Pre-Expire Portal Passwords
  Even though the note is for Portal30(release1), we just wangt to try it in our Release 2...
  Extract from the note
  "3. Set the value of the column LAST_PASSWD_CHANGE_TIME in the table WWSEC_PERSON$ in SSO schema to a value older than the password expiration period (default is 90 days) before the current time (e.g. sysdate - 100) for the appropriate user(s)
  4. For example, if you have created a user called TEST
  you would issue a command such as:
  update wwsec_person$
  set LAST_PASSWD_CHANGE_TIME =sysdate-70
  where USER_NAME='TEST';
  commit; "
  But, when we try to login again in the portal, we can still login...
  So, is the function still exist in Release 2?..
  If not, why Oracle Portal throw that function away?
  Why there still columns in WWSEC_PERSON$ that maybe linked to the password problem?
  can anybody help/explain?
  Thanks....

  Rather than rehash what has already been thoroughly discussed, check this thread. This should answer your question.
  Can a user change his own password after admin has set it
  The english version of Jose Troya's blog: http://obiee101.blogspot.com/2008/08/obiee-change-password.html
  Edited by: LC143 on Aug 27, 2008 1:36 PM

• In Portal Anonymous mode - Change password option not coming- login fails

  Hi Experts,
       We are having some application which requires login in anonymous mode. When we click the application and give the user id password, it loggs in properly, there is no problem in that.
      But if the password is reset by administrator, then when entering the reset password given by admin it should ask to change the password. This is happening in normal scenario(/irj/portal), but when try the same in anonymous mode(irj/portal/anonymous) where the prompt is from the login required application, then it says login failed instead of giving the change password and confirm password screen.
  Appreciate your help in solving this issue. I hope many would have faced similar situation.
  Thanks
  Yusuf

  Hi Yusuf.
  Do you use a standard or custom login module for your application?
  More likely the used login module does not have a logic that handles such scenario as a change of user's password.
  In this case you need to implement a custom module with a required functionality.
  Best regards,
  Aliaksandr Zhukau