Protected Users with credential provider
47 views
Skip to first unread message
Delooo
Nov 10, 2025, 8:01:24 AMNov 10
to RCDevs Security
Has anyone experienced login failures with an admin user added to the Active Directory 'Protected Users' group when using the RCDevs Credential Provider on a Windows server? Despite always signing in with the UPN and ensuring Kerberos is used, the login does not succeed. What are the recommended troubleshooting steps or configuration changes to enable successful login in this setup?"
Thx
best regards
Delo
Thx
best regards
Delo
Spyridon Gouliarmis (RCDevs)
Nov 10, 2025, 8:33:51 AMNov 10
to RCDevs Security
Hello Delo,
in your case, the simplest thing to do would be to tell the CP not send the user's password to OpenOTP for checking, only the second factor. Windows will check the password after the CP has run anyway.
Use regedit and set HKEY_LOCAL_MACHINE/SOFTWARE/RCDevs/OpenOTP-CP/check_ldap to 0. It takes effect immediately; the CP loads those keys every time it's run.
Delooo
Nov 10, 2025, 11:06:35 AMNov 10
to RCDevs Security
Hi
Spyridon ,
thank you for your reply. Will there be any problems with password changes in AD or similar?
Are there any other possible solutions?
thank you for your reply. Will there be any problems with password changes in AD or similar?
Are there any other possible solutions?
Spyridon Gouliarmis (RCDevs)
Nov 10, 2025, 11:14:00 AMNov 10
to RCDevs Security
> Will there be any problems with password changes in AD or similar?
You won't be able to successfully reset your password through our web apps, because they do this over LDAP(S). Once logged in, you'll be able to reset your password through the normal means.
> Are there any other possible solutions?
Sure: remove your user from the protected users group.
Reply all
Reply to author
Forward
0 new messages