no expired-password notification on wireless?

Discussion in 'Windows Desktop Systems' started by fimchick, Jan 17, 2006.

  1. fimchick

    fimchick OSNN Senior Addict

    Messages:
    276
    Location:
    Somewhere
    Hey guys/gals,

    I'm trying to figure out why, if a user's password has expired, and they try to connect to the wireless network on the domain, it doesn't tell them that the password is expired and prompt them to create a new one?
    Is there some funky authentication that I'm not aware of?

    I've also started having users complain that when on wireless, they are prompted to enter their password when they launch Outlook...?

    Many thanks for any info!!
     
  2. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Well, one issue at a time....

    First, in regards to the logon, it sounds like they are doing a cached logon. Depending on what your GPO is set to, this probably indicates they are not hitting the PDC, thus their credentials aren't gettin matched. Also, as a result, if they are not loggin in correctly, but still getting their profile, when they open up Outlook, it tries to authenticate to Exchange. Since the password has changed, and they are not authenticated correctly, Outlook will prompt them for the password. This behavior occurs when the Windows Integrated Authentication information doesn't match to the AD credentials.

    Long story short, cached logins are your problem. Review your GPO settings in regards to those, set lower threshold, and that should help you out.
     
    fimchick likes this.
  3. fimchick

    fimchick OSNN Senior Addict

    Messages:
    276
    Location:
    Somewhere
    Heheh, so the funny thing is, we don't have any GPO policies set yet. I've to implement it on the network! :)
     
  4. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    If there is a domain, there are GPO. The default domain policy is enabled by default, and I believe the default value for cached logons is 3, but I could be wrong on that...

    Have you actually disabled the default domain policy?
     
  5. fimchick

    fimchick OSNN Senior Addict

    Messages:
    276
    Location:
    Somewhere
    I think I know what the problem is. Since we're using FreeBSD rather than IAS, we are having problems authenticating wirelessly when the password is expired. As a result, instead of logging the user onto the wireless connection and THEN checking for domain creds, it just errors out at the first step and poops.

    Need to find some software or Windows add-on that can interface with wireless and then domain authentication.
     
  6. fimchick

    fimchick OSNN Senior Addict

    Messages:
    276
    Location:
    Somewhere
    This is another, possibly related issue...users who connect to a wireless network, and then get on the VPN, are prompted for a password when they launch Outlook 2003?
     
  7. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Although I could be wrong, that is usually software specific to the wireless card. I would start investigating there.

    In regards to your Outlook thing, try to fix the first problem as I feel they are related.

    Best of luck mate :)