[41004] in Resnet-Forum
Re: Password reset problems
daemon@ATHENA.MIT.EDU (Horm, Justin)
Fri Feb 5 10:58:09 2016
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_BLUPR0601MB0964DB1C1F39745B4AC73FC8F3D20BLUPR0601MB0964_"
MIME-Version: 1.0
Message-ID: <BLUPR0601MB0964DB1C1F39745B4AC73FC8F3D20@BLUPR0601MB0964.namprd06.prod.outlook.com>
Date: Fri, 5 Feb 2016 15:46:26 +0000
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: "Horm, Justin" <Justin.Horm@SJC.EDU>
To: RESNET-L@LISTSERV.ND.EDU
In-Reply-To: <C9753E8B40870A488B0D4E8D50FAC15A0EDE027E@Messenger9.central.edu>
--_000_BLUPR0601MB0964DB1C1F39745B4AC73FC8F3D20BLUPR0601MB0964_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hello.
If you are using AD to authenticate users when they connect to your wireles=
s network, you should be able to look up client information in the wireless=
controller or associated network management software for that wireless con=
troller. You should see the AD usernames for all the devices registered on=
the network, and whether or not they are currently assigned IP addresses, =
including multiple devices per user and likely even the type of device.
When you look at the Network Policy and Access Services logs on your AD ser=
ver, you will see the LDAP queries coming from the wireless controller that=
is making the LDAP connection with your AD server, but not the actual IP a=
ddress for the user. But, the wireless system will hopefully hold the answ=
er to your question.
Justin R. A. Horm
Network Manager
St. John's College
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Sandy Ver=
hoef
Sent: Friday, February 05, 2016 10:14 AM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Password reset problems
Help!
We use AD to authenticate our systems; and recently required all users to c=
hange their passwords. We also implemented a program from PortalGuard for =
self service password changes. This seemingly simple process is causing the=
Help Desk nightmares! Users have to remember to change passwords on all de=
vices using our wifi and on mobile apps like email that sync with our serve=
rs. Following is the problem:
Out of the clear blue, several days or even weeks after a seemingly success=
ful password change, users are getting locked out of their accounts, the AD=
Lockout and Bad Passwords tool we are using indicate bad passwords. My que=
stion for you: Do you know of a tool that works with AD that will tell us t=
he ip# or device that is showing a bad password?
We are spending way to much effort in trying to track down what is causing =
this! Thank you so much in advance of your help.
Sandra Verhoef
Central College
IT Services
Director of Computer Support Services
641.628.7692
___________________________________________________ You are subscribed to t=
he ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.=
EDU/archives/resnet-l.html ________________________________________________=
___
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_BLUPR0601MB0964DB1C1F39745B4AC73FC8F3D20BLUPR0601MB0964_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Copperplate Gothic Light";
panose-1:2 14 5 7 2 2 6 2 4 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">Hello.<o:p></o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p> </o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">If you are using AD to=
authenticate users when they connect to your wireless network, you should =
be able to look up client information in the wireless controller or associa=
ted network management software for
that wireless controller. You should see the AD usernames for all th=
e devices registered on the network, and whether or not they are currently =
assigned IP addresses, including multiple devices per user and likely even =
the type of device.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p> </o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">When you look at the N=
etwork Policy and Access Services logs on your AD server, you will see the =
LDAP queries coming from the wireless controller that is making the LDAP co=
nnection with your AD server, but not
the actual IP address for the user. But, the wireless system will ho=
pefully hold the answer to your question.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p> </o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">Justin R. A. Horm<o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">Network Manager<o:p></=
o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D">St. John’s Colle=
ge<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p> </o:p></spa=
n></p>
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b>From:</b> Resnet Forum [mailto:RESNET-L@LISTSERV.=
ND.EDU] <b>
On Behalf Of </b>Sandy Verhoef<br>
<b>Sent:</b> Friday, February 05, 2016 10:14 AM<br>
<b>To:</b> RESNET-L@LISTSERV.ND.EDU<br>
<b>Subject:</b> Password reset problems<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal">Help!<br>
We use AD to authenticate our systems; and recently required all users to c=
hange their passwords. We also implemented a program from PortalGuard=
for self service password changes. This seemingly simple process is causin=
g the Help Desk nightmares! Users have
to remember to change passwords on all devices using our wifi and on mobil=
e apps like email that sync with our servers. Following is the problem:<o:p=
></o:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal">Out of the clear blue, several days or even weeks af=
ter a seemingly successful password change, users are getting locked out of=
their accounts, the AD Lockout and Bad Passwords tool we are using indicat=
e bad passwords. My question for you:
Do you know of a tool that works with AD that will tell us the ip# or devi=
ce that is showing a bad password?
<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal">We are spending way to much effort in trying to trac=
k down what is causing this! Thank you so much in advance of your help.<o:p=
></o:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal"><b><i><span style=3D"font-family:"Copperplate G=
othic Light",sans-serif;color:#17365D">Sandra Verhoef<o:p></o:p></span=
></i></b></p>
<p class=3D"MsoNormal"><b><i><span style=3D"font-family:"Copperplate G=
othic Light",sans-serif;color:#17365D">Central College<o:p></o:p></spa=
n></i></b></p>
<p class=3D"MsoNormal"><b><i><span style=3D"font-family:"Copperplate G=
othic Light",sans-serif;color:#17365D">IT Services<o:p></o:p></span></=
i></b></p>
<p class=3D"MsoNormal"><b><i><span style=3D"font-family:"Copperplate G=
othic Light",sans-serif;color:#17365D">Director of Computer Support Se=
rvices<o:p></o:p></span></i></b></p>
<p class=3D"MsoNormal"><b><i><span style=3D"font-family:"Copperplate G=
othic Light",sans-serif;color:#17365D">641.628.7692</span></i></b><o:p=
></o:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ti=
mes New Roman",serif">________________________________________________=
___ You are subscribed to the ResNet-L mailing list.
<o:p></o:p></span></p>
<p>To subscribe, unsubscribe or search the archives, go to <a href=3D"http:=
//LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">
http://LISTSERV.ND.EDU/archives/resnet-l.html</a> _________________________=
__________________________
<o:p></o:p></p>
</div>
</body>
</html>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--_000_BLUPR0601MB0964DB1C1F39745B4AC73FC8F3D20BLUPR0601MB0964_--
