Highlighted
Regular Contributor.
Regular Contributor.
269 views

Windows Local username password and OES password not maching

Jump to solution

Hello,

We are running eDirectory v9.0.3[DS] for Linux. Everything is very simple and almost minimal. We do not have Identity Manager installed. The workstations are mostly Windows 7 Pro but we do have some Windows 10 Pro and even a couple of XP's running. Each one has Client for OES installed and updated. The default sequence for logging is NDS.

Our users are setup the following way:

  1. We create a local Windows user with "username" and "password"
  2. We create an eDirectory user object with the same "username" and "password" as the local user.
  3. When login we check the box "Windows Password Synchronization"
  4. Without creating passwords policies we set up each user to be allowed to change the password, the minimum length and the days before it expires.

The problem is that every now and then the local windows user password does not match the Network Password. Users put in their eDirectory credentials, Network login is successful but are then asked for the Windows password. This seems to happen without a particular pattern, at least I cannot find it. Both Windows 7 and Windows 10 machines do this. It's not even after a password change, one user had 3 days before their Network password expires and this happened. It seems as if the Windows password has changed on it's own.

Can anyone direct me to as to what may be causing it or how to proceed with troubleshooting this ?

Thanks,

Labels (3)
0 Likes
1 Solution

Accepted Solutions
Highlighted
Knowledge Partner
Knowledge Partner

If you do NOT use Universal Password, your eDir passwords are NOT case-sensitive and hence the following might happen:

Assume "userA" with password "Novell" (uppercase "N") defined for eDir and Windows. Now one day the user occasionally types "novell" (lowercase "n"). eDir login will succeed (as it's not case-sensitive), but the user will be prompted for the Windows password. He types it in (this time the "correct" way, i.e. "Novell") and checks the "synchonize" box. Now behind the scenes his Windows password will be changed to "novell". The very next day, when logging in, he types "Novell" as he's not aware that something has changed. Again, eDir login will succeed, but as the Windows password is by now "novell" he'll get prompted for a password. Now he'll likely type in "Novell" 'til the end of days without getting any further until someone with elevated rights resets the password.

 

If you like it: like it.

View solution in original post

3 Replies
Highlighted
Knowledge Partner
Knowledge Partner

If you do NOT use Universal Password, your eDir passwords are NOT case-sensitive and hence the following might happen:

Assume "userA" with password "Novell" (uppercase "N") defined for eDir and Windows. Now one day the user occasionally types "novell" (lowercase "n"). eDir login will succeed (as it's not case-sensitive), but the user will be prompted for the Windows password. He types it in (this time the "correct" way, i.e. "Novell") and checks the "synchonize" box. Now behind the scenes his Windows password will be changed to "novell". The very next day, when logging in, he types "Novell" as he's not aware that something has changed. Again, eDir login will succeed, but as the Windows password is by now "novell" he'll get prompted for a password. Now he'll likely type in "Novell" 'til the end of days without getting any further until someone with elevated rights resets the password.

 

If you like it: like it.

View solution in original post

Highlighted
Regular Contributor.
Regular Contributor.

Hello,

First of, thanks for the quick reply.

Indeed Universal Password is not implemented. What you have described may very well be the cause of my headaches.

After a quick check, the primary users that complain had the option to Automatically sync Windows Password enabled in their OES Client settings. For now, removing that will prevent unwanted synchronizing, until we make some policies and force Universal Password.

Thanks for the help!

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

That should do it for the time being, but on the long haul it's about time for UP. Users normally get confused of one password is case-sensitive while another is not. You can implement it without any restrictions so that it'll be enforced "on the fly" without even setting a new one.

 

 

If you like it: like it.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.