NDS 4.16 Auth Solaris 8, password aging support or not?
I have set up a Netscape Directory Server from version 4.13 to 4.16 to authenticate Solaris 8. I find the password policy does not affect the Solaris users. Also, the group from LDAP shows as a number.
-rw-r--r-- 1 test2 11 0 Nov 21 16:26 test2
The number 11 should be the group name from LDAP, but the user test2 is an LDAP user and group policy is working.
Please help!!
Lucas
The Solaris 8 authentication through LDAP does not support the Password Policy yet.
Ludovic.
Similar Messages
-
SCCM 2012 Password Age and if not set to Expire
Hi,
I browsed the Resource Explorer in SCCM 2012, and found that it shows the Age a person last changed their passwords.
Can anyone assist me on how to get that data out of SCCM 2012?
Kind Regards
If you are talking about reports, first you need to configure SCCM to collect that attribute from AD in the AD user discovery properties, on the Active Directory Attributes tab. After the successful collection of those attributes you can query against the "v_R_User" view and extract the information.
Adding the attribute Pwd-Last-Set and msds-UserPasswordExpiryTime0 to user inventory would be of some help.
Delphin
-
Enhanced login security and password ageing in SAP R3 Enterprise 110
Hi,
today we will activate "Enhanced login security and password ageing" on our R3 (SAP R3 Enterprise 110) development environment.
new parameters
Enhanced login security and password ageing
login/min_password_lng = 8
login/password_expiration_time = 365
login/min_password_diff = 2
login/min_password_letters = 1
login/min_password_digits = 1
Does anyone have any experience of possible problems which can occur after activating these new settings?
Many thanks in advance
Patrick Van Vlerken
No... this should do what it says on the tin.
Read,
http://www.*********************/password_sap.htm
Regards
Juan
-
IDS 5.0 SP2 + Solaris 8 password problem
Iplanet version : iDS 5.0 SP2 + Solaris 8
Password:
user must change password after reset : yes
user may change password : yes
allow changes in 0 days
keep password history : yes
remember 6 passwords
Password expires after 90 days
send warning 7 days before password expires
check password syntax : yes
password min length : 6
Account lockout:
Account maybe lockout : yes
Lockout account after 3 login failures
reset failure count after 525600 minutes
Lockout forever : yes
We discovered that when the user password is expired because the field 'passwordexpirationtime' is past, there are two types of password expiration within iPlanet LDAP. One type of expiration will allow users to change the password by themselves; however, the other type does not.
We discovered that when we put a 'Z' on the field passwordexpirationtime, it will show the first type of password expiration, where users can change their password. When we remove the 'Z' from the field passwordexpirationtime, it will not allow the user to change the password by themselves. We provide a screen dump at the end.
Moreover, the problem may be triggered by some other event instead of adding a 'Z' on the passwordexpirationtime field.
Here is the screen dump for you to investigate, you can see that the output with 'DSA is unwilling to perform' is the type where user can change their password, while the output with 'Invalid credentials' is the type where user CANNOT change their password.
Case 1
======
%ldapsearch -p 3389 -b o=orange,c=us uid=john passwordexpirationtime
uid=john,o=jpmorgan,c=us
passwordexpirationtime=19900101000000Z
%ldapsearch -v -p 3389 -D uid=john,o=orange,c=us -w abc123 -b o=jpmorgan,c=us uid=john
ldap_init(localhost, 3389)
filter pattern: uid=john
returning: ALL
filter is: (uid=john)
ldap_search: DSA is unwilling to perform
0 matches
Case 2
======
%ldapsearch -p 3389 -b o=orange,c=us uid=john passwordexpirationtime
uid=john,o=jpmorgan,c=us
passwordexpirationtime=19900101000000
%ldapsearch -v -p 3389 -D uid=john,o=orange,c=us -w abc123 -b o=jpmorgan,c=us uid=john
ldap_init(localhost, 3389)
ldap_simple_bind: Invalid credentials
ldap_simple_bind: additional info: password expired!
I know this has nothing to do with the 'Zulu' suffix; the LDAP schema supports both attribute value formats. But this happens in my LDAP. Any hints?
Question:
- Under what condition will the LDAP complain "DSA is unwilling to perform" or "Invalid credentials"?
- Any hints to resolve the problem?
If something had changed recently, drill into that.
Do a hardware RAM test to confirm HW level soundness.
You may capture the core dump or similar information and send it to Microsoft for analysis.
They may ask you to do the usual thing: apply W2KSP4 and/or OS and security patches.
You also have the option of migrating IDS5.0/Windows to IDS5.2Patch3 (also as Sun Java System DirSvr 5.2) running on Solaris10 x86.
Gary
-
Password aging on individual accounts
Hi,
I have password aging enabled on this server. The MAXWEEKS is set to 13. After an audit, the MAXWEEKS has to be set to 12. If I do that, will all users currently at 91 days go to 84, or do I have to alter each one individually as well? Like if I change the /etc/default/passwd, will that only take effect for new users (which I suspect is the case)? How can I set each current userid from 91 days to 84? Also there are some IDs with no password aging enabled. How can I enable it for a single userid?
Thank you,
S.
Changes to /etc/default/passwd file do not update existing fields in the /etc/shadow file.
The passwd command has some options that allow you to set these values. The following will change a user's max to 91:
# passwd -x 91 <login>
Now all you need is a script to loop through each user account and make the change. For ksh it would look like this:
# Take each login name (field 1) from /etc/shadow and set its maximum password age
for username in `awk -F: '{print $1}' /etc/shadow`
do
    passwd -x 91 "$username"
done
You probably ought to test this first, though, and make sure you'll get the results you need.
-
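For the Solaris password-aging thread above, where changing /etc/default/passwd does not touch existing /etc/shadow entries: an added example (not part of the original posts) that reports which logins have a MAX different from the new target, or no aging at all, and prints the passwd -x commands for review instead of running them. The sample shadow lines and the rule for skipping locked or no-login entries are assumptions made for this example.

```shell
#!/bin/sh
# Added example: dry-run audit of password-aging MAX values in a shadow file.
# Shadow fields: name:password:lastchg:min:max:warn:inactive:expire:flag

# Constructed sample data (not real accounts or hashes).
sample_shadow() {
    cat <<'EOF'
root:*LK*:::::::
daemon:NP:6445::::::
alice:$5$constructed$hashA:19000:0:91:7:::
bob:$5$constructed$hashB:19000:0:84:7:::
carol:$5$constructed$hashC:19000::::::
EOF
}

# aging_audit FILE TARGET -> "login current_max" for every password login
# whose MAX is not TARGET; "none" means aging is not enabled for that login.
aging_audit() {
    awk -F: -v target="$2" '
        # Assumption: NP, or a leading * or !, marks a non-login/locked entry.
        $2 == "NP" || $2 ~ /^[*!]/ { next }
        $5 == "" || $5 == "-1"     { print $1, "none"; next }
        ($5 + 0) != (target + 0)   { print $1, $5 }
    ' "$1"
}

# aging_plan FILE TARGET -> the passwd commands to review; nothing is executed.
aging_plan() {
    aging_audit "$1" "$2" | while read -r login current; do
        printf 'passwd -x %s %s   # current MAX: %s\n' "$2" "$login" "$current"
    done
}

# Demo on the constructed sample; point aging_plan at /etc/shadow (as root)
# once the output looks right.
demo_file=$(mktemp)
sample_shadow > "$demo_file"
aging_plan "$demo_file" 84
rm -f "$demo_file"
```

Accounts already at the target (bob in the sample) and locked or no-login entries produce no output, so the plan lists only the logins that would actually change.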
Password aging with ACS + UCP in a wireless network.
Hello
We want to use ACS in our wireless network, but we would like to allow users to change their own passwords, so we want to use UCP.
Additionally, we want to force them to change their passwords after a period of time or number of logins.
Is it possible to use password aging based on time or number of connections when users connect through UCP web interface?
Also, does using UCP require some kind of additional license/payment?
Thanks.
Juilo,
No, the UCP sample scripts have to run on a separate ACS server and you have to enable the UCP interfaces through the CLI to accept the UCP requests from the other server.
Here is a link that will help you.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/admin_config.html#wp1105672
Tarik Admani
*Please rate helpful posts*
-
Password Aging & Account Lockout in ACS 4.2
I have a requirement that in ACS the user accounts should get disabled after 1 day, so in the group setting under the Password Aging Field I configured the same as 1 day; the Grace & Warning Period is 0 days.
I want that all these user accounts would be active for 30 days , and the moment the account is used (i.e the Start Message appears in the Radius Accounting ) then after 1 day from the usage then as per the Password Aging Rule the account should get expired.
Now my query is this password aging rule will start from the day I create the account in the ACS or from the day the user logs in.
I don’t want to use the Account Lockout Tab as I don’t know when the guest account would be used.
Request someone to help, please clarify my doubt.
Regards
Hi Yusuf,
Password Aging on ACS will just prompt to change the password. It will not disable the account.
The Account is present on the AD. So the Disabling and lockout features for an account will come from the AD.
I don't think a change in password for a guest account is what you would want to do.
Also according to me disabling the account should be a feature only for the AD admin and not open. A lockout can definitely happen but that also has to be defined on the AD.
The link to password Aging on ACS is as follows:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/GrpMgt.html#wp525115
Hope this helps.
Regards,
Anisha
P.S.: please mark this string as answered if you feel the query is answered.
-
Does any one know how to read the Password Aging info from SunOne Directory server using JNDI? I need the password expiration details to be very specific.
Never used JNDI before but you can read from standard command line as follows ....
/usr/bin/ldapsearch -h ldaphost -D "cn=Directory Manager" -w shroot -b "cn=proxyagent,ou=profile,dc=marconi,dc=dddd,dc=eeee,dc=com" "objectclass=*" createtimestamp
/usr/bin/ldapsearch -h ldaphost -D "cn=Directory Manager" -w shroot -b "cn=proxyagent,ou=profile,dc=marconi,dc=dddd,dc=eeee,dc=com" "objectclass=*" passwordexpirationtime
/usr/bin/ldapsearch -h ldaphost -D "cn=Directory Manager" -w shroot -b "cn=proxyagent,ou=profile,dc=marconi,dc=dddd,dc=eeee,dc=com" "objectclass=*" pwdchangedtime
-
How to recover sun solaris 10 password
I installed a virtual machine some days back and set a password for user name root. Today when I tried to log in on that machine I had forgotten the password. What should I do in order to recover the password for root?
Use Google:
keywords "+solaris root password+"
See more than 4000 search results.
Alternative?
Start all over again and reinstall the OS from the beginning.
-
Solaris root password & installer
I have installed oracle solaris 11 exp, but :
I have difficulties finding root password, have tried solaris & my user password but it's not going,
during the installation I have used solaris password for the partition manager and it worked, but not later,
I also would like to ERASE ALL PASSWORDS of the system, ... give password, give password, give password, it gives you a headache,
and by the way, do I have to buy an application installer or I have with the package?
thanks in advance,
max.
root is a role by default in Solaris 11, so I don't think it actually has a password, or am I wrong here? You can set a password by running pfexec passwd root from the user who you created as an administrative user.
.7/M.
-
Display a banner at bootup, how to setup password aging.
I'm trying to implement some DOD security measures and I just can't find how to make the changes. Does anyone have any suggestions for the following issues?
warning banner at bootup, password aging every 90 days
You could set up your courses so that everything needed authentication, which would prevent the public from browsing them. As far as a warning banner and password aging goes, could the warning banner appear on your authentication page? Or perhaps just on the iTunesU banner after they log in?
Password aging would be handled by whatever authentication you're using to access iTunesU. While you can (eventually) set up roles in iTunesU to augment authentication, it's assumed that you'll extend your campus authentication scheme to control access to the iTunesU site.
Ken Newquist
Lafayette College
-
Password aging for externally authenticated user
Hello All:
How can we implement the password aging of externally authenticated users?
Thanks
San~
If the user is externally authenticated, then the password expiry should be external, e.g. for the Unix account.
"When you choose external authentication for a user, the user account is maintained by Oracle, but password administration and user authentication is performed by an external service. This external service can be the operating system or a network service, such as Oracle Net.
With external authentication, your database relies on the underlying operating system or network authentication service to restrict access to database accounts. A database password is not used for this type of login. If your operating system or network service permits, you can have it authenticate users. If you do so, set the initialization parameter OS_AUTHENT_PREFIX, and use this prefix in Oracle user names. The OS_AUTHENT_PREFIX parameter defines a prefix that Oracle adds to the beginning of every user's operating system account name. Oracle compares the prefixed user name with the Oracle user names in the database when a user attempts to connect."
-
ACS V 4.1.1 build 23 Password Aging over SSH does not work.
Hi, my name is Elias and I have problems with ACS: Password Aging over SSH does not work and there are no password aging messages sent by ACS to the console when I use SSH. I know that there are problems with this but I can't find any workaround or documentation that says that there is no workaround. Can you help me with this?
Kind Regards.
Hey Elias,
SSHv1 does not support password changes as you can do in telnet. You will need to be running a version of IOS that supports SSHv2.
The following site explains what versions support this:
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps5207/products_feature_guide09186a00802045dc.html
Rgds,
somishra
-
Logging HTTP Auth Login and Password
Hi,
I'm making a small Webserver where everything is protected behind authentication. I would like to log every good and bad try, to know who's trying to access my Webserver and with which credentials. I'm actually using lighttpd, but I found nothing.
I heard about libapache2-mod-auth-mysql, but I read it's not available on Arch Linux natively and I'm not even sure it's doing what I want.
Any other idea?
Thanks a lot!
Last edited by jpmonette (2011-01-12 19:43:02)
Hello,
It seems you aren't in the user list of SSRS.
Are you the admin of the system? If so then in start menu right-mouse click on Internet Explorer => "Run as Administrator" and then open the url again, you should be able to connect to SSRS. Then go to "Site settings" (right side on top) => tab "Security" and add there your Windows account with role membership "System administrator". Then you should be able to open IE as "normal" user to connect to SSRS.
Olaf Helper
* cogito ergo sum * errare humanum est * quote erat demonstrandum *
When I think, that is a mistake, and I prove it daily
-
Exchange 2013 OWA user must change password at next logon not working
Hi,
I have installed Exchange 2013 on Windows 2012 Server. I create users in ECP and select "user must change password at next logon" option. When newly created user logs in, the OWA page doesn't prompt for password change and just throws error "The user name or password you entered isn't correct. Try entering it again"
I have enabled Change Password feature in CAS server, but still not working.
Any answers, suggestions would be great help
Regards
Sunil
Hi Sunil,
Have you tried as Martina said and does it work?
If not, please try to set the Minimum Password Age to 1 according to link below. I found some threads which are similar to yours and were solved by this way in Exchange 2013 environment.
http://support.microsoft.com/kb/827614
And for further troubleshooting, please create a new user with "user must change password at next logon" option checked and see if he can log on domain-joined PC.
In addition, please check the event log to see if there is any related error message.
Regards,
Rebecca