Expired Password issue

Any update on the issues with expired passwords? We have seen the same
issue other users have reported - and anxiously await some kind of real fix.
Jim

James,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/

Similar Messages

  • Expiring password issue

    I have run into an issue where user passwords expire and the system is not allowing them to change it. Eventually, the account becomes locked and I have to go in and unlock it. Initially, i thought it was a user issue until it happened to my own account as well! I appreciate any help.
    Here's a copy of my /etc/default/passwd and /etc/default/login -- let me know if you need anything else:
    #cat /etc/default/passwd
    MAXWEEKS=26
    MINWEEKS=1
    PASSLENGTH=8
    #NAMECHECK=NO
    HISTORY=4
    #MINDIFF=3
    #MINALPHA=2
    #MINNONALPHA=1
    MINUPPER=1
    MINLOWER=1
    MAXREPEATS=2
    MINSPECIAL=1
    MINDIGIT=1
    #WHITESPACE=YES
    #DICTIONLIST=
    #DICTIONDBDIR=/var/passwd
    /etc/default/login
    #cat /etc/default/login
    #TIMEZONE=EST5EDT
    ULIMIT=0
    CONSOLE=/dev/null
    PASSREQ=YES
    ALTSHELL=YES
    PATH=/bin:/usr/bin:/usr/local/bin:/opt/sfw/bin:/usr/sfw/sbin:/usr/ccs/bin
    SUPATH=/usr/sbin:/usr/bin:/usr/local/bin:/opt/sfw/bin:/usr/sfw/sbin:/usr/ccs/bin
    #TIMEOUT=300
    UMASK=027
    SYSLOG=YES
    #SLEEPTIME=4
    #DISABLETIME=20
    RETRIES=3
    SYSLOG_FAILED_LOGINS=0

    Thanks, but the issue is not whether I can unlock the accounts, but why the user can't change their password once their current password expires. It prompts them to change their password, but it won't accept their new password, even while keeping within the parameters outlined in /etc/default/passwd.

  • 802.1X cannot change expired password at login

    Hi all,
    I'm trying to roll out 802.1X authentication for wifi access at my company, however there's one major problem I can't for the life of me figure out. I'm not able to get the Macs to prompt for a password change when the password has expired at login.
    On Windows when you log in it will prompt you to change your password when it's expired. However on OSX when you're on the workstation login screen, you can see the wireless icon briefly connect, then it will think for a bit and the user cannot log in at all.
    OSX can definitely can change expired passwords via 802.1X, as if I log into a local account and connect to the wifi with the user whose password has expired, it will prompt to change it, and changes it successfully.
    I'm using NPS for RADIUS authentication against AD, and using Profile Manager in OSX Server to create the 802.1X profile.
    Does anyone have any experience with OSX and using WPA Enterprise/802.1X Profiles?
    Thanks!

    Hi,
    Can you post a screenshot for this situation?
    Sometimes, the third party credential provider would lead to some issue like this, I suggest you check the
     current credential provider via the following path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\x\LastLoggedOnProvider
    You should compare the result with the values in the following path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\credential providers
    If the current value is third party credential provider, try to disable it:
    To disable the provider add a REG_DWORD value "Disabled"=1 to that provider’s CLSID subkey.
    The provider will be disabled on the next session creation (sessions are created when you log off, switch users, or reboot.
    If you have any feedback on our support, please click
    here
    Alex Zhao
    TechNet Community Support

  • Simple Interface expired password change prompt

    We have a population of users who access GW exclusively through WebAcc. Some of this population has jumped on the mobile device bandwagon and so we've directed them to the simple interface when accessing GW from a mobile device.
    Some of these mobile device users now exclusively use the simple interface on their tablet/phone to access GW and when their password is expired, are never presented with the password change dialogue.
    Ive verified when user with an expired password navigates directly to the simple interface url , https://gwserver/gw/webacc?User.interface=simple, either on a mobile device or desktop browser, IE, FF, Chrome, the user consumes a grace login and is taken directly to the simple interface mailbox.
    Resetting grace logins and navigating to the standard webacc interface the GW password change dialogue is presented as expected.
    GroupWise 8.0.1 webacc on netware. I think wed refrained from going to newer releases in fear of some nasty bugs in the subsequent versions, but Ive not kept current on issues with the latest release.
    I understand the next GW version with native mobile device templates is around the corner, but management may want to address this sooner.
    Is this failure to recognize password expiry in the simple interface a know behavior?
    Regards,
    Fdiaz

    On 8/8/2011 8:36 AM, vodobaas wrote:
    > We have a population of users who access GW exclusively through WebAcc.
    > Some of this population has jumped on the mobile device bandwagon and so
    > we've directed them to the simple interface when accessing GW from a
    > mobile device.
    > Some of these mobile device users now exclusively use the simple
    > interface on their tablet/phone to access GW and when their password is
    > expired, are never presented with the password change dialogue.
    >
    > Ive verified when user with an expired password navigates directly to
    > the simple interface url ,
    > https://gwserver/gw/webacc?User.interface=simple, either on a mobile
    > device or desktop browser, IE, FF, Chrome, the user consumes a grace
    > login and is taken directly to the simple interface mailbox.
    > Resetting grace logins and navigating to the standard webacc interface
    > the GW password change dialogue is presented as expected.
    > GroupWise 8.0.1 webacc on netware. I think wed refrained from going to
    > newer releases in fear of some nasty bugs in the subsequent versions,
    > but Ive not kept current on issues with the latest release.
    > I understand the next GW version with native mobile device templates is
    > around the corner, but management may want to address this sooner.
    >
    > Is this failure to recognize password expiry in the simple interface a
    > know behavior?
    >
    > Regards,
    > Fdiaz
    I'll ask.

  • CFLDAP & Expired password

    Hi,
    We have recently implmented CFLDAP authentication on one of
    our websites & discovered a new issue of expired passwords.
    I have been trying to read attrubutes like maxPwdAge or
    accountExpires but not able to read the values as I guesss they are
    flags. What I found on net is that coldfusion is not capable to
    read ADSI & need to use java or vb object. Is that correct or
    is there any other method of checking the expired password &
    redirecting the page to change password form.
    Thanks in advance
    Any help is greatly appreciated
    Thanks

    alter user <username> identified by <new_password>;
    to make password unexpired:
    in the profile of the user--> alter profile <profile_name> LIMIT password_life_time UNLIMITED;
    *not recommended                                                                                                                                                                                                                                                                                                                                                                                                       

  • Password reset is disabled.  Expired password does not cause reset prompt o

    Server: Oracle 11.2 on Linux Redhat 64-bit. Installed 32-bit 11.2 Oracle full client on Windows 7 64-bit workstation. Setting up user to test expired password promp capability of SQLDeveloper 3.0.0.4. So far, failing every time. Password Reset on menu is disabled. Loging in or testing in properties (Connection) simply fails with ORA-28001: the password has expired. Not sure how to proceed or enable password reset. FYI, connections only work for connection type of Basic and TNS if I disable OCI/thick driver. When enabled, I get "<oracle_home>\bin\ocijdbc11.dll Can't find dependent libraries"
    Not sure how to proceed. Need guidance and instruction or at least point me to documentation please. I'm not finding much on this issue.

    Thanks -K- for the response. I'll try that but it shouldn't be the cause of my issue. You see, a few weeks ago, I had SQLDeveloper installed on all our team's 32-bit Windows XP SP3 workstations. The reported issue was occurring then as well. Since then, the 64-bit Windows 7 workstations arrived and the saga continues:-)
    Any other thoughts on my issue is appreciated.

  • Cannot change password expired password

    Hi there,
    I am not able to change expired password on Windows server 2012. I am getting the error message that "You must change your password before logging on the first time. Please update your password or contact your system administrator or technical support"
    I had similar issue in Windows 2008 servers and was resolved when I changed the the RDP security layer to negociate. But I couldn't find Session host configuration snap-in since RDS is not enabled.
    Any one faced same issue?
    Thanks,
    Ranjith

    Hi Ranjith,
    How are things going?
    You could try to change the Security Layer to
    RDP Security Layer in the Security section of
    Session Collection properties.
    In addition, if you are using remote desktop over RD Gateway, there is no support for being able to use the “User must change password at next logon”.
    Please refer to these two threads which is similar with your issues.
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/320ef31a-1160-4c33-9912-79a3838fc24d/forcefuly-user-should-change-his-password-when-loggin-for-the-first-time?forum=winserverTS
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/8761e29a-72a0-4f9c-b31b-ff81633020dd/user-must-change-password-setting-using-rdp-to-server-2012?forum=winserverTS
    Hope this helps.
    Best Regards,
    Tina

  • Fingerprints and expired passwords

    Hi Community,
    I have recently encountered this problem and I've yet to find a solution for it. Maybe someone here has experienced something similar before and can shed some light on how to fix it.
    I'm on a T410 with XP.
    I use an ActiveDirectory login to access my computer and my password for ActiveDirectory expires every 60 (or 90 days) I believe. In the past, when I was prompted to update my expired password upon logging in, Client Security Solution would pop up and tell me that I'm about to update a password already existed in the record and it simply updates it and everything syncs up nice and happy.
    This last time, however, I didn't get the Client Security Solution prompt when I attempted to update the expired password, and what has happened, is that now, when I swipe my finger, my old password is entered which obviously fails every time. So I'm having to enter my password every time I log-on making the fingerprint reader rather useless.
    I have attempted finding an entry for "Windows Login" in the Password Manager, but it seems that Windows/AD passwords are stored somewhere separate. My question is, how would I go about updating the password linked to my fingerprint? Do I have to delete the old profiles for my fingerprints and create new ones? Would that even solve the issue?
    Any help/suggestions are kindly appreciated.
    Cheers.
    -Andy

    What website/application are you trying to log into, where password manager is still using the old password?
    Or is this an issue where you can no longer log into windows itself, with your fingerprint?

  • Reset expired Passwords?

    Recently the DBAs overhauled out account policies to have passwords expire every X days. I'm running into my first expired account and I'm getting an ORA-28001: the password has expired error, but no prompt to reset the password.
    I thought I'd put in a feature request for a password reset window for this situation, but it seems that there was already one out there: http://htmldb.oracle.com/pls/otn/f?p=42626:39:2786248920877118::NO::P39_ID:22121
    Closed: "Context menu to Reset Password is available"
    Does anybody know how to go about resetting expired passwords in SQL Developer?

    So my help-desk finally got around to doing an install of the 11g client. Still having an issue. I've done the following:
    -Made my ORACLE_HOME the 11g client base dir.
    -Made %ORACLE_HOME%\bin the first entry in my path
    Still getting the same error. Even tried creating a new connection. I can connect with 11g SqlPlus.
    Any thoughts?

  • Is the email password issue related to my canceled trial .mac account?

    Guys,
    I thought this might be something. My trial .mac account expired and I have been getting password issues ever since. I thought having a mac email account was indefinite, however after speaking with CS, they said an expired .mac account and password issues were correlated.
    So, for those with ongoing password issues, am I assuming these people who are having password issues have an *active* .mac account? Apologies for the newb/green question.
    P.S. I am able to retrieve gmail on my account.
    Message was edited by: jkim2001

    If you've got your .Mac account set up in Mail and the account has expired, that'd be why you're getting password prompts. .Mac email accounts expire with the account--they're not free. Remove the .Mac account from Mail (or pay for it) and the problem should go away.

  • Windows Server 2012 R2 - RD Gateway and expired passwords

    We got tired of script kiddies trying to brute force our old RDP servers, so we thought RD Gateway was a good idea and implemented this on our newest RDS servers.
    That worked fine until the first password change. The support phone got hot for some days.
    I understand after investigating the issue that expired has been a problem in the 2008/2008R2 version of RD Gateway.
    Are expired/change on first logon still a problem in 2012 R2? I fint this strange after seeing all the old complains.
    Are there any solution to this problem (other than running Citrix wich manage password change with no problems)?
    Jens Tore Fremmegaard ::.::.:: ServerParkering AS

    NLA is disabled. This was never a problem when we used 2008 servers.
    On our old 2008 (and 2003 before that) terminal servers the users have always had the opportunity to both change expired passwords and "change password on first logon".
    After migrating to 2012 none of them work.
    We have a script that warns the users prior to password expiry date, but ther's always someone that waits to long. And then they have to call our support techs to get their passwords changed since password change not working on the rds servers.
    Off course they could change it through Exchange OWA, but try to tell that to the CEO that's used to only click their RDS shortcut.
    Jens Tore Fremmegaard ::.::.:: ServerParkering AS

  • Site Login Behavior For SharePoint Foundation 2013 Users With Expired Passwords?

    What are the most user-friendly ways of getting external users with expired AD passwords back into the SharePoint site with a new working password?
    We already send automated email notifications to users reminding them to change their soon-to-expire passwords.  However, sometimes they miss seeing the email notifications before the password expires (such as after returning from vacation or just carelessness
    and lack of attention to email messages) or they see the warning messages and forget to act on it.
    When this happens and they try to log into the SharePoint site from the Internet, their login fails without telling the user the reason they can't log in is because their password expired.  So, they end up confused and call the help desk to get their
    password reset.
    Is there a way to set up SharePoint Foundation 2013 login in a similar way to the OWA login so that, when a user with a correct but expired password tries to log in, it gives them a prompt to set a new password right there rather than just an error indicating
    their login failed for unknown reasons or password is "incorrect?"

    It could be done. You get a different event log entry for an expired login attempt than for a wrong password, 4625 events denote a login failure and an error ID of 23 denotes a logon failure.
    A naff, but simple, approach would be to create a tool that checks your server logon event log for 4625 entries and then emails that user, or the help desk, or security, that they're trying to get onto your system with expired credentials.
    For a more polished experience you've got a lot more work and bluntly it's going to be impractical for you. You'd have to re-write sections of the SharePoint authentication process or intercept the process, both are risky and not a good idea to try.
    There's a really interesting paper here that might be of interest, it won't help you in your current situation but it might shed more light on the overall authentication/authorisation process.
    http://www.sans.org/reading-room/whitepapers/forensics/windows-logon-forensics-34132

  • Which attribute shows if a user has an expired password?

    DSEE 6.3
    I created my own password policy, and applied it to a single user.
    I would like to know which attribute shows if a user has an expired password, and how do I query that attribute for the user. How would I query the time till expiration as well?
    I am basically looking for example queries to such information.
    thanks,

    My limited experience with this sort of thing is to run a query like the following:
    ldapsearch -1TL -h `hostname` -D 'cn=Directory Manager' -b "dc=<your dc>,dc=com" uid=<uid your choice> pwdAccountLockedTime pwdFailureTime pwdLastAuthTim
    e pwdChangedTime passwordRetryCount nscpentrywsi
    This dumps some helpful stuff. I've noticed ... in our ldap instance that a locked account has the following output:
    pwdAccountLockedTime: 000001010000Z
    I don't know why it shows up that way ... but it's something I can key on and search for to find locked accounts. Not necessarily an indication that a password has expired, of course, but sort of interesting to me. An account can be locked for other reasons obviously.
    I think pwdChangedTime might be what you want assuming you know what the password expiration time is set to ...

  • Upgraded to yosemite and now having password issues and slow start up

    I have upgraded my macbook pro to the OS X Yosemite operating system and now encountering start up and password issues.
    Previously on start up my system would go to the log on icon within 10 to 15 seconds of pushing the on button. Now there is horizontal loading indicator bar appearing and takes about 30seconds to 1 minute to go away before getting to the log on screen and if I click on my icon the system goes live on screen without having to put in a password which is an obvious security issue.
    I have tried adding a password however each time I try to put my old password in it tells me it is the wrong one.
    I am operating Yosemite 10.10.2 on a macbook pro with 8gb memory with i7 processor..
    The computer was running perfectly ok before this up grade so I had resisted previous prompts to upgrade due to the bad press this system was getting last year. I thought Apple would have had this all sorted by now??
    I  would appreciate any help if anyone knows how to resolve these issues.

    Install the version of Java they want from here: Java for OS X 2014-001
    See if CS 5.1 launches.
    If not reinstall CS5.1 and any updates.
    Gene

  • Cisco Server VCS C220 M3 Server BIOS password issue

    We have a Cisco Server VCS C220 M3 Server BIOS password issue.
    We needed to turn on Bit locker in the Cisco Server VCS C220. To do this we needed to create an administrator password for the BIOS to turn on trusted Platform Module (TPM). After we set up the administrator password and turn on Security for TPM. We were prompted for the administrator password. It would not let us log in with the administrator password that we created for the BIOS. In the next few days we received a BIOS is corrupted screen (BIOS Flash Image Corrupted *****).We follow procedures to recover the BIOS with the USB stick with recovery .cap file in the root folder. We tried reseating the jumper pg. 35 of the Cisco Server VCS C220 M3 Server of the Installation and Service Guide.
    http://www.cisco.com/en/US/docs/unified_computing/ucs/c/hw/C220/install/C220.pdf
    We were able to bring up the server, but we are still not able to get pass the Admin password issue. We tried to clear the CMOS header with Header J37 page 2-18 but we had no success with clearing out the password prompt. Figure 2-6 Service Header Locations shows the J41 BIOS RCVR boot and J37 Clear CMOS.
    Can anyone provide us documentation of where the pins are located on the motherboard to clear the BIOS password? We are looking for more of a detail picture of the pins please. The documentation is only showing a basic diagram of the header locations.

    You need to look at the CUCM logs for further info on what might have happened, and to make sure your servers are fit for the amount of users, devices, etc. you have in your environment.

Maybe you are looking for