Highlighted
ron-c Absent Member.
Absent Member.
3952 views

Force logoff after password change

Is their a way to force a log off right after a users changes their password.

We sync our Edir and AD user passwords and we have some applications that don't work properly after a password change. If after changing the password and logging right off and back on again the applications work fine.

I am looking for somthing that could automate that since many users forget.

Thanks
Ron
Labels (1)
0 Likes
8 Replies
ScorpionSting Absent Member.
Absent Member.

Re: Force logoff after password change

ron-c;1580641 wrote:
Is their a way to force a log off right after a users changes their password.

We sync our Edir and AD user passwords and we have some applications that don't work properly after a password change. If after changing the password and logging right off and back on again the applications work fine.

I am looking for somthing that could automate that since many users forget.

Thanks
Ron


How are they changing their passwords? CTRL+ALT+DEL? Web? Prompt?

Visit my Website for links to Cool Solution articles.
0 Likes
ron-c Absent Member.
Absent Member.

Re: Force logoff after password change

It is when their password expires and they are forced to change the password.
0 Likes
ScorpionSting Absent Member.
Absent Member.

Re: Force logoff after password change

ron-c;1580652 wrote:
It is when their password expires and they are forced to change the password.


At login I assume... Are the workstations part of the domain or using DLU through ZEN?

Quick and easy and dirty would be to create Loopback driver that sends them an email everytime their password is changed reminding them.

Visit my Website for links to Cool Solution articles.
0 Likes
ron-c Absent Member.
Absent Member.

Re: Force logoff after password change

These workstations are in the domain as well as the users so no zen dlu.

We use the product NVidenity for the password sync.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Force logoff after password change

ron-c <ron-c@no-mx.forums.novell.com> wrote:

> Is their a way to force a log off right after a users changes their
> password.
>
> We sync our Edir and AD user passwords and we have some applications
> that don't work properly after a password change. If after changing
> the password and logging right off and back on again the applications
> work fine.
>
> I am looking for somthing that could automate that since many users
> forget.


If there is two-way synchronization going on between eDirectory and
Active Directory (e.g. password changes in one are reflected to the
other, in both directions), this issue is not uncommon.

Because the password change being performed at the Novell Client
doesn't know "something else" keeps the passwords in sync, by default
the Novell Client is changing both the eDirectory password and then
also the Windows password (if they were both in sync to begin with,
prior to expiration of the eDirectory password).

But what happens there is the eDirectory password is changed
successfully directly by the workstation, which changes just the
public key of the eDirectory user (which is normally what happens when
a user changes their own eDirectory password). But then the Windows
account password change is also performed successfully.

On the Active Directory back-end, this translates into an independent
password change that sets both a new private and public key on the
eDirectory user account. Normally this kind of password change only
happens when a network administrator overrides your password, because
they don't know the existing "old password" and simply need to set a
new eDirectory password.

This doesn't break any of your existing eDirectory NCP connections,
but does prevent your workstation from authenticating to any
additional NCP servers, because the public key of your eDirectory user
is now different from when you established your existing eDirectory
logon session. You have to logout from eDirectory and then log back
on in order to establish a new logon session based on the new public
key that exists on the eDirectory account.

If you know password synchronization is going to occur on the
back-end, one manner in which to avoid the failures you're
experiencing is to set "Windows Password Synchronization" to "Off" in
the "Advanced Login" tab of the Novell Client Properties.

This will disable the Novell Client's assumption that the
/workstation/ is what needs to keep the eDirectory and Windows
passwords in sync. With this setting "Off", the Novell Client will
only change the eDirectory password, and the Windows password will
have to change in response to the back-end actions that sync the
eDirectory password change over to Active Directory.

This eliminates one of the primary reasons users "need to log out
after a password change". The existing eDirectory logon session would
continue to work & be able to authenticate to additional NCP servers,
even though an expired eDirectory password was handled.

Alan Adams
alancrumbadams@drcrumb.com
(for email, remove the crumbs)
0 Likes
ron-c Absent Member.
Absent Member.

Re: Force logoff after password change

Thanks for the reply.

I did try and that and still have the same issue.

If we manually expire a password by setting to a past date\time in consoleone the users is prompted to change their password after changing the password they are sent right back to the novell login screen. This works great for us but we don't manually expire passwords.

If the password expires normally the user is prompted to change their password but the computer continues to login as normal. They are not sent back to the login screen like when we manually expire a password.

Any other option you have to try would be appreciated.

Ron
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Force logoff after password change

ron-c <ron-c@no-mx.forums.novell.com> wrote:

> I did try and that and still have the same issue.
>
> If we manually expire a password by setting to a past date\time in
> consoleone the users is prompted to change their password after
> changing the password they are sent right back to the novell login
> screen. This works great for us but we don't manually expire
> passwords.
>
> If the password expires normally the user is prompted to change their
> password but the computer continues to login as normal. They are not
> sent back to the login screen like when we manually expire a password.
>
> Any other option you have to try would be appreciated.


Just to be clear, the setting of "Windows Password Synchronization" to
"Off" in the "Advanced Login" tab of the Novell Client Properties was
a suggestion towards resolving the "we have some applications that
don't work properly after a password change" aspect of your original
post. Setting up this option changes nothing about whether you'll be
forced to logoff or similar after the handling of an expired password.

Alan Adams
alancrumbadams@drcrumb.com
(for email, remove the crumbs)
0 Likes
ron-c Absent Member.
Absent Member.

Re: Force logoff after password change

I did turn that off and the applications we run that rely on AD still do function. It is like the user is not logged into AD. Logging off and back on again seems to resolve the problem. I am just trying to find a way to have that happen automatically when a password change occurs.

Just to be clear, the setting of "Windows Password Synchronization" to
"Off" in the "Advanced Login" tab of the Novell Client Properties was
a suggestion towards resolving the "we have some applications that
don't work properly after a password change" aspect of your original
post. Setting up this option changes nothing about whether you'll be
forced to logoff or similar after the handling of an expired password.

Alan Adams
alancrumbadams@drcrumb.com
(for email, remove the crumbs)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.