Problem with proxy user changing passwords (forgot password) after domain rename


thej...@gmail.com

Jul 11, 2017, 7:27:47 PM
to pwm-general
Hi,

We just performed an AD Domain rename and are having some issues using PWM to reset passwords now. It was working pretty perfectly before the rename. Here are the symptoms:

-If a user knows their account name and password, they can log on to PWM and change the password successfully and without issue

-If a person forgets their password, the "forgot password" link correctly sends them an email, but no matter what combination of characters they use for the new password, the error message is always "New password does not meet rule requirements"

-In reference to the above error message, I've tested the LDAPS connection we have set up in LDAP -> LDAP Directories -> default -> Connection -> Test LDAP Connection and receive the result "GOOD: All configured LDAP servers are reachable"

-I've gone through both the GUI Configuration Manager and the config file PwmConfiguration.xml looking for the places where LDAP objects need to be changed and believe they are all changed to the correct new domain and OUs.

-For some reason, only SAMAccountName user IDs are logging in correctly. UserPrincipalName (UPN) user IDs are no longer logging in correctly.


I'm at a loss here for what to do next for troubleshooting. Anyone have ideas of logs to check to figure out these errors? Anything jump out as the issue?

Thank you,

-Chris

thej...@gmail.com

Jul 13, 2017, 2:10:54 PM
to pwm-general, thej...@gmail.com

Anyone able to help with a little direction? Am I asking the question wrong? I'm putting in effort to figure out what is not working but have hit a sticking point...

Appreciate any help,

-Chris

Jason Rivard

Jul 14, 2017, 4:48:45 PM
to pwm-general, thej...@gmail.com
You might try re-importing certificates. Also make sure all the DNS entries are correct for the SSPR server; remember that AD sends references to DNS addresses based on ou names, so make sure all things DNS are correct. In logs you might see connections to odd DNS addresses failing... You could try deleting and re-creating the ldap profile, there's nothing 'hidden' in there but it might make you fix any settings that are off by going through the config again.
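
Two of the checks raised in this thread (the sweep of PwmConfiguration.xml for objects still pointing at the old domain in Chris's post, and the DNS and certificate checks in Jason's reply) can be scripted. The script below is an added example, not code from the thread or from the PWM project. SAMPLE_CONFIG is a constructed stand-in for a settings file after a rename from corp.example.com to newcorp.example.com; the scanner walks every element text and attribute value, so it does not assume the real layout of PwmConfiguration.xml, only that the interesting strings are LDAP DNs, LDAP URLs or user@domain values. The names DomainDnsZones.<domain> and ForestDnsZones.<domain> are the standard AD DNS application partition names that show up in referrals; the LDAPS probe verifies the chain against the CA file you pass in (assumed to be the same CA PWM trusts) and the hostname, which a plain reachability test does not do.

```python
"""Audit PWM LDAP settings after an AD domain rename, then probe the LDAPS
endpoints the way a verifying TLS client sees them.

Added example for the pwm-general thread; not PWM's own code. SAMPLE_CONFIG
is constructed and the scanner does not depend on the real PwmConfiguration.xml
schema: it inspects every element text and attribute value in the tree.
"""
import re
import socket
import ssl
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: rename from corp.example.com to newcorp.example.com where
# two settings were missed (the proxy bind DN and an e-mail address).
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<PwmConfiguration>
  <settings>
    <setting key="ldap.serverUrls"><value>ldaps://dc1.newcorp.example.com:636</value></setting>
    <setting key="ldap.proxy.username"><value>CN=pwmproxy,OU=Service Accounts,DC=corp,DC=example,DC=com</value></setting>
    <setting key="ldap.rootDNs"><value>DC=newcorp,DC=example,DC=com</value></setting>
    <setting key="ldap.testuser.username"><value>CN=pwmtest,OU=Users,DC=newcorp,DC=example,DC=com</value></setting>
    <setting key="email.adminAddress"><value>helpdesk@corp.example.com</value></setting>
  </settings>
</PwmConfiguration>
"""


def dn_domain(value):
    """DNS name implied by the DC= components of an LDAP DN, else None."""
    parts = re.findall(r"(?i)(?:^|,)\s*DC=([^,]+)", value)
    return ".".join(p.strip().lower() for p in parts) if parts else None


def host_of(value):
    """Lower-cased host of an ldap:// or ldaps:// URL, else None."""
    if "://" not in value:
        return None
    return (urlsplit(value).hostname or "").lower() or None


def upn_suffix(value):
    """Domain part of a user@domain value (UPN or mail address), else None."""
    m = re.fullmatch(r"[^@\s]+@([A-Za-z0-9.-]+)", value.strip())
    return m.group(1).lower() if m else None


def references_domain(value, domain):
    """True if value names `domain` as a DN, as a URL host under it, or as a UPN suffix."""
    domain = domain.lower()
    host = host_of(value)
    return (dn_domain(value) == domain
            or host == domain or (host is not None and host.endswith("." + domain))
            or upn_suffix(value) == domain)


def find_stale_refs(xml_text, old_domain):
    """Return [(setting key or tag, value)] for every text or attribute that still
    names old_domain; nested <value> elements are reported under their setting key."""
    hits = []

    def walk(elem, label):
        label = elem.get("key") or label or elem.tag
        for text in [elem.text or "", *elem.attrib.values()]:
            text = text.strip()
            if text and references_domain(text, old_domain):
                hits.append((label, text))
        for child in elem:
            walk(child, label)

    walk(ET.fromstring(xml_text), "")
    return hits


def resolve_referral_targets(new_domain):
    """AD referrals name the DNS application partitions, so these names must
    resolve from the PWM host or searches that chase them fail in the logs."""
    out = {}
    for name in (new_domain, f"DomainDnsZones.{new_domain}", f"ForestDnsZones.{new_domain}"):
        try:
            out[name] = sorted({ai[4][0] for ai in socket.getaddrinfo(name, 389)})
        except socket.gaierror as exc:
            out[name] = f"unresolvable: {exc}"
    return out


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Handshake with chain and hostname verification on. Returns (True, SAN DNS
    names) or (False, reason); an untrusted issuer or a SAN list without the new
    hostname is reported even though the port itself answers."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return True, [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate verification failed: {exc.verify_message}"
    except OSError as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    # Offline part: report settings in the sample that still name the old domain.
    for key, value in find_stale_refs(SAMPLE_CONFIG, "corp.example.com"):
        print(f"stale reference in {key}: {value}")
    # Network part, run as: python audit.py <new-domain> <dc-host> [ca.pem]
    if len(sys.argv) >= 3:
        for name, result in resolve_referral_targets(sys.argv[1]).items():
            print(f"{name}: {result}")
        print(probe_ldaps(sys.argv[2], cafile=sys.argv[3] if len(sys.argv) > 3 else None))
```

Point find_stale_refs at the real file with the old domain name to get the list of settings that the GUI walk-through missed; run the network part from the PWM server itself, since that is where name resolution and the trust store matter.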


babytur...@gmail.com

Aug 17, 2018, 8:12:51 PM
to pwm-general