Windows Local username password and OES password not matching
We are running eDirectory v9.0.3[DS] for Linux. Everything is very simple and almost minimal. We do not have Identity Manager installed. The workstations are mostly Windows 7 Pro but we do have some Windows 10 Pro and even a couple of XP's running. Each one has Client for OES installed and updated. The default sequence for logging is NDS.
Our users are set up the following way:
- We create a local Windows user with "username" and "password"
- We create an eDirectory user object with the same "username" and "password" as the local user.
- When logging in we check the box "Windows Password Synchronization"
- Without creating password policies we set up each user to be allowed to change the password, the minimum length and the days before it expires.
The problem is that every now and then the local Windows user password does not match the Network Password. Users put in their eDirectory credentials, Network login is successful but they are then asked for the Windows password. This seems to happen without a particular pattern, at least I cannot find it. Both Windows 7 and Windows 10 machines do this. It's not even after a password change, one user had 3 days before their Network password expires and this happened. It seems as if the Windows password has changed on its own.
Can anyone direct me as to what may be causing it or how to proceed with troubleshooting this?
Re: Windows Local username password and OES password not matching
If you do NOT use Universal Password, your eDir passwords are NOT case-sensitive and hence the following might happen:
Assume "userA" with password "Novell" (uppercase "N") defined for eDir and Windows. Now one day the user occasionally types "novell" (lowercase "n"). eDir login will succeed (as it's not case-sensitive), but the user will be prompted for the Windows password. He types it in (this time the "correct" way, i.e. "Novell") and checks the "synchronize" box. Now behind the scenes his Windows password will be changed to "novell". The very next day, when logging in, he types "Novell" as he's not aware that something has changed. Again, eDir login will succeed, but as the Windows password is by now "novell" he'll get prompted for a password. Now he'll likely type in "Novell" 'til the end of days without getting any further until someone with elevated rights resets the password.
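
The sequence described in the reply above, replayed as a small model. This is an added example, not part of the thread and not Client for OES code. It assumes what the reply states: the eDirectory check ignores case, the Windows check does not, and the synchronize box sets the local password to whatever was typed at the network prompt. The class and function names are made up for the illustration.

```python
# Toy model of the login sequence from the reply (constructed example).
# Assumptions: eDirectory compares case-insensitively (no Universal Password),
# Windows compares case-sensitively, and the sync checkbox overwrites the
# local password with the string typed at the network login prompt.
from dataclasses import dataclass, field


@dataclass
class Workstation:
    edir_password: str
    windows_password: str
    log: list = field(default_factory=list)

    def edir_ok(self, typed):
        return typed.casefold() == self.edir_password.casefold()

    def login(self, typed, windows_retry=None, sync=False):
        """Return 'ok', 'windows_prompt' (stuck at second prompt) or 'denied'."""
        if not self.edir_ok(typed):
            result = "denied"
        elif typed == self.windows_password:
            result = "ok"                       # one prompt, both stores agree
        elif windows_retry == self.windows_password:
            if sync:
                self.windows_password = typed   # silent case change happens here
            result = "ok"
        else:
            result = "windows_prompt"
        self.log.append((typed, windows_retry, sync, result))
        return result


def replay_reply_scenario():
    ws = Workstation("Novell", "Novell")
    day0 = ws.login("Novell")                                    # normal login
    day1 = ws.login("novell", windows_retry="Novell", sync=True)  # wrong case once
    day2 = ws.login("Novell", windows_retry="Novell")             # user is now stuck
    return ws, [day0, day1, day2]


def case_drift(ws):
    """True when the two stored passwords differ only in letter case."""
    return (ws.edir_password.casefold() == ws.windows_password.casefold()
            and ws.edir_password != ws.windows_password)


if __name__ == "__main__":
    ws, results = replay_reply_scenario()
    print(results, "case drift:", case_drift(ws))
```
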