"User must change password at next logon" flag set for users
67 views
Skip to first unread message
john downes
unread,
Nov 12, 2023, 11:49:29 AM11/12/23
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to RCDevs Security
As part of the logon requirements for new users we set "user must change password at next logon" (pwdLastSet) attribute. This must be set due to customer requirements.
As we are using a read only instance of Active Directory when the users try to logon it fails during the RADIUS phase with LDAP password has expired.
Is there a way to stop OTP from checking the "pwdLastSet" attribute or a client policy to stop this from happening?
Yoann Traut (RCDevs)
unread,
Nov 14, 2023, 5:07:48 AM11/14/23
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to RCDevs Security
Hello,
I discussed with dev team and we will check the possibilities to implement a setting and let the user enter if that setting is enabled when password is flagged as must be changed.
Regards
Yoann Traut (RCDevs)
unread,
Nov 20, 2023, 11:00:11 AM11/20/23
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to RCDevs Security
Hello,
The requested feature has been added in the last WebADM version:
2.3.9 (November 17 2023) - Added a client policy setting allowing login with failed LDAP passwords when password expired, must be reset or account is locked-out.