|
|
On 5/10/05, Rainer Sokoll <R.Sokoll@xxxxxxxxxxxx> wrote: > Hi alltogether, > > my question is a bit off topic, but someone here may be faced with the > same problem and have an idea: > Scenario: Home offices and a Windows domain policy forcing password > expiration. > The user logs onto his workstation by using the cached credentials (no > connection to the domain controller at this time). Afterwards, the user > fires up OpenVPN and everything is fine. > But: assumed, the user has to change his password every 60 days or so? I > am not a windows guru, but from my knowledge: changing the password > requires a connection to the domain controller. No problem while the VPN > is up. But the password will only be changed on the domain controller, > not on the user's computer. > I would expect that the user now has 2 different passwords for the same > account (the local password and the password on the domain controller). > To go ahead: if the users's computer has a domain wide policy that > requires password change, but the local stored password will /never/ be > changed, I guess the user will not be able to log onto his computer, > neither with the remote password (since the local computer did not got > notified about the password change) nor with the old (local) password > (since it is marked as expired). > Does anyone know of a working solution besides running OpenVPN as a > service? > Now I didn't set this up so I don't know any of the configuration details, but it worked for me. 1. When VPN connected change your password. 2. Use Ctrl-alt-del to lock your computer. 3. Use Ctrl-alt-del and log into the computer with the new password. YMMV as I was not involved in the setup or testing. -- Leonard Isham, CISSP Ostendo non ostento. ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |