cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marty Godsey <ma...@gonsource.com>
Subject RE: LDAP (Active Directory) password concerns
Date Mon, 01 Aug 2016 06:40:14 GMT
No I agree with you. Not being able to log into the machine with the old password and being
able to with the new one is all correct behavior.  I mentioned this to illustrate that the
password had indeed been changed.

The accounts I mentioned were to answer your question about their potentially being another
LOCAL account for that user which there is not.

UPDATE:

So after it has "sit" for awhile, I can no longer log in with the old password. I will look
at the logs to see if there is a service or something that refreshes something in the background..
Thank you for your help.

Regards,
Marty Godsey

-----Original Message-----
From: ilya [mailto:ilya.mailing.lists@gmail.com] 
Sent: Monday, August 1, 2016 2:36 AM
To: users@cloudstack.apache.org
Subject: Re: LDAP (Active Directory) password concerns

Marty see response in-line

On 7/31/16 11:32 PM, Marty Godsey wrote:
> The password has been changed. If I try to log onto a machine in the domain with the
old password it tells me the password is incorrect. 
correct behavior

If I use the new one, it logs me into the machine.
also correct behavior


There are only three accounts in the ACS instance: admin, bare-metal and testallow. Testallow
is the LDAP account.

not following where the issue might be
> 
> 
> Regards,
> Marty Godsey
> 
> -----Original Message-----
> From: ilya [mailto:ilya.mailing.lists@gmail.com]
> Sent: Monday, August 1, 2016 2:29 AM
> To: users@cloudstack.apache.org
> Subject: Re: LDAP (Active Directory) password concerns
> 
> Do you happen to have local account as well as ldap account set?
> 
> It usually follows one authentication method (ldap) followed by another (local). Please
confirm the passwords are different.
> 
> I will be testing ldap this week and will let you know if i see this issue. I've used
it in past, I'd be surprised to see this behavoiur, last i recall, we dont cache - and do
a lookup to LDAP each time user tries to authenticate.. You should see this in the logs..
> 
> 
> Regards,
> ilya
> 
> On 7/31/16 11:01 PM, Marty Godsey wrote:
>> Hello,
>>
>> I have a lab CloudStack that is authenticating to an active directory and it works
great accept one thing. If I change the password on the AD user, ACS still allows the user
to log into the ACS portal with the old AND the new password...
>>
>> Is there a refresh interval for LDAP accounts? Does it store a hash in the ACS database?
Did I miss a setting?
>>
>> Regards,
>> Marty Godsey
>>
>>

Mime
View raw message