expired user password

All about WTware on Raspberry. Wtware works with Raspberry Pi 3 Model B and Pi 2 Model B devices
http://www.winterminal.com
geefox
Posts: 65
Joined: Fri Sep 29, 2017 6:43 pm


Post by geefox » Wed Jan 17, 2018 9:58 am

hello,

how is it possible for users with an expired password to change it?
If I don't enable the "ask_password" parameter, then the users have to log in twice (broker and then RDS server) - but the users are able to change the password.
But with an enabled "ask_password" line, there is no password change dialog.

akatik
SUPPORT
Posts: 260
Joined: Mon Jan 17, 2005 6:30 pm

Re: expired user password

Post by akatik » Wed Jan 17, 2018 4:12 pm

If NLA is disabled, WTware does not know what happened inside the RDP session in the Windows interface. The client has no chance to know about password changing.

If NLA is enabled, the password should be changed in the WTware interface. Unfortunately, WTware cannot do it :(

geefox
Posts: 65
Joined: Fri Sep 29, 2017 6:43 pm

Re: expired user password

Post by geefox » Mon Jan 22, 2018 1:28 pm

so I did a few tests regarding this password flag

1) NLA disabled, ask_password disabled => Windows Login Screen => Windows password change message => password change functional
2) NLA disabled, ask_password set => WTware Login Screen => Windows password change message => password change not functional, password cannot be changed
3) NLA enabled, ask_password disabled => WTware Login Screen => WTware dialog with password message (deactivate NLA etc)
4) NLA enabled, ask_password enabled => WTware Login Screen => WTware dialog with password message (deactivate NLA etc)

so maybe it's possible to implement a behavior which switches from the WTware Login Screen to the Windows login screen after the WTware dialog in 3) or 4) appears, so it would be possible to change the password?

Or do you know any other solution for changing the password after it is expired, or a new user account is created, and the flag is set?

aka
SUPPORT
Posts: 625
Joined: Fri Dec 03, 2004 2:05 pm

Re: expired user password

Post by aka » Mon Jan 22, 2018 6:32 pm

With NLA enabled, there is no way to get the Windows login screen. A server with NLA did not accept a connection without a password.

Why is password change not functional in 2)? Here is my 2016 without NLA after ask_password=on:
[Screenshot: Untitled.png]
I press OK, and:
[Screenshots: Untitled1.png, Untitled2.png]
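
What "a server with NLA does not accept the connection" looks like on the wire, as an added example that is not part of the thread and not WTware code: it decodes the X.224 Connection Confirm a server returns during RDP security negotiation. The field layout and code values follow MS-RDPBCGR; the function name and the sample byte strings are constructed for illustration.

```python
import struct

# Selected-protocol and failure codes from MS-RDPBCGR (RDP_NEG_RSP / RDP_NEG_FAILURE).
PROTOCOLS = {0: "PROTOCOL_RDP", 1: "PROTOCOL_SSL", 2: "PROTOCOL_HYBRID", 8: "PROTOCOL_HYBRID_EX"}
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER", 6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}
TYPE_RSP, TYPE_FAILURE = 0x02, 0x03
CREDSSP = (2, 8)  # HYBRID and HYBRID_EX both mean CredSSP, i.e. NLA


def parse_connection_confirm(pdu: bytes) -> dict:
    """Classify a server's reply to an RDP negotiation request (hypothetical helper)."""
    if len(pdu) < 11:
        raise ValueError("truncated TPKT/X.224 header")
    version, _reserved, tpkt_len = struct.unpack(">BBH", pdu[:4])
    if version != 3 or tpkt_len != len(pdu):
        raise ValueError("bad TPKT header")
    if pdu[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    body = pdu[11:]
    if not body:
        # No negotiation block at all: the server only offers standard RDP security.
        return {"outcome": "selected", "name": "PROTOCOL_RDP", "nla": False}
    if len(body) < 8:
        raise ValueError("truncated negotiation block")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", body[:8])
    if neg_len != 8:
        raise ValueError("unexpected negotiation block length")
    if neg_type == TYPE_RSP:
        # With CredSSP the credentials are verified before any desktop is drawn,
        # so the Windows logon screen is never shown to the client.
        return {"outcome": "selected", "name": PROTOCOLS.get(value, f"unknown({value})"),
                "nla": value in CREDSSP}
    if neg_type == TYPE_FAILURE:
        # Code 5 is the reply to a client that offered no CredSSP while NLA is enforced.
        return {"outcome": "refused", "name": FAILURES.get(value, f"unknown({value})"),
                "nla": value == 5}
    raise ValueError("unknown negotiation message type")


# Constructed sample PDUs: TPKT header + X.224 CC header + 8-byte negotiation block.
HEADER = bytes.fromhex("030000130ed00000123400")
RDP_SELECTED = HEADER + bytes.fromhex("0200080000000000")     # NLA off, plain RDP security
HYBRID_SELECTED = HEADER + bytes.fromhex("0200080002000000")  # NLA on, client offered CredSSP
NLA_REFUSAL = HEADER + bytes.fromhex("0300080005000000")      # NLA on, client offered RDP only

if __name__ == "__main__":
    for label, pdu in [("rdp", RDP_SELECTED), ("hybrid", HYBRID_SELECTED), ("refusal", NLA_REFUSAL)]:
        print(label, parse_connection_confirm(pdu))
```

Only the first sample leads to the Windows logon screen described in test 1); in the other two the server insists on CredSSP before a session exists.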

geefox
Posts: 65
Joined: Fri Sep 29, 2017 6:43 pm

Re: expired user password

Post by geefox » Tue Jan 23, 2018 11:57 am

ok, I think there is a strange behaviour - tried it on our 2016 test RDS server without a broker.

after login, the user receives the message to change password -> hit ok -> and then the login screen in attachment 2 appears - but it's not possible to log in

maybe it's a CredSSP thing - going to try a few things
Attachments: 1.JPG, 2.JPG, 3.JPG

geefox
Posts: 65
Joined: Fri Sep 29, 2017 6:43 pm

Re: expired user password

Post by geefox » Tue Jan 23, 2018 6:58 pm

tried to change CredSSP to RDP - but also with no luck.
do you have any special configuration?

Update: I only receive the dialog if I try to log in to the test server via a Windows 10 notebook and mstsc; then the dialog appears and I'm able to change the password.
If I try to log in via WTware on Raspberry, the dialog won't appear.

akatik
SUPPORT
Posts: 260
Joined: Mon Jan 17, 2005 6:30 pm

Re: expired user password

Post by akatik » Tue Jan 23, 2018 7:22 pm

I have no special configuration. I installed server. Configured static IP. Installed remote desktop role. Added local user. Disabled NLA in gpedit.msc. Changed date to expire password. As few clicks as possible.
