Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

User allowed to user same PW when PW is expired and forced to change in GVC

When a user's Active Directory (LDAP/TLS) PW is expired and GVC forces them to change it, they are allowed to use the same PW as their current one. Is this expected behavior?

Category: Mid Range Firewalls
Reply

Answers

  • MustafaAMustafaA SonicWall Employee

    Since this is not a local user on the firewall, rather an AD user account, you should review AD Password Policy.

  • DervariDervari Newbie ✭

    AD GPO does not allow password reuse. It caches the last 10 PWs. The policy works fine for native Windows clients when they are forced to change their PW.

  • prestonpreston Enthusiast ✭✭

    Hi @Dervari , make sure in the LDAP referrals settings you set as below, then it shouldn't cache the password


  • DervariDervari Newbie ✭

    It's not a password caching issue. It's an issue when the user's AD password has expired and the GVC client forces them to change it. From Windows, they are not allowed to use the same PW. That has bee tested and works. However, if they use their current password when prompted for a new PW by the GVC client the password change goes through with no issues.

    The LDAP Bind user is not a member of Domain Admins but is delegated for reset password and update password expiration. Without that attribute the Bind user was unable to make the password change in AD via LDAP.

Sign In or Register to comment.