expired user password

All about WTware on Raspberry. WTware works with Raspberry Pi 4, Raspberry Pi 3B+, Pi 3 and Pi 2 devices
http://www.winterminal.com
Post Reply
geefox
Posts: 65
Joined: Fri Sep 29, 2017 6:43 pm

expired user password

Post by geefox »

hello,

how is it possible for users with an expired password to change it?
If I dont enable the "ask_password" parameter, than the user's have to login twice (broker and than rds server) - but the users are able to change the password.
But with an enabled "ask_password" line, there is no password change dialog
akatik
SUPPORT
SUPPORT
Posts: 630
Joined: Mon Jan 17, 2005 6:30 pm
Contact:

Re: expired user password

Post by akatik »

If NLA is disabled, WTware does not know what happened inside rdp session in windows interface. Client has no chance to know about password changing.

If NLA is enabled, password should be changed in wtware interface. Unfortunately, wtware can not do it :(
geefox
Posts: 65
Joined: Fri Sep 29, 2017 6:43 pm

Re: expired user password

Post by geefox »

so I did a few tests regarding this password flag

1) NLA disabled, ask_password disabled => Windows Login Screen => Windows password change message => password change functional
2) NLA disabled, ask_password set => WTware Login Screen => Windows password change message => password change not functional, password cannot be changed
3) NLA enabled, ask_password disabled => WTware Login Screen => WTware dialog with password message (deactivate NLA etc)
4) NLA enabled, ask_password enabled => WTware Login Screen => WTware dialog with password message (deactivate NLA etc)

so maybe its possible to implement a behavior which switches from the WTware Login Screen to the windows login screen after the WTware dialog in 3) or 4) appears, so it would be possible to change the password?

Or do you know any other solution for changing the password after it is expired, or a new user account is created, and the flag is set?
aka
SUPPORT
SUPPORT
Posts: 939
Joined: Fri Dec 03, 2004 2:05 pm
Contact:

Re: expired user password

Post by aka »

With NLA enabled, no way to get windows login screen. Server with NLA did not accept connection without password.

Why password change not functional in 2) ? Here is my 2016 without NLA after ask_password=on:
Untitled.png
Untitled.png (22.83 KiB) Viewed 10810 times
I press OK, and:
Untitled1.png
Untitled1.png (24.88 KiB) Viewed 10809 times
Untitled2.png
Untitled2.png (20.29 KiB) Viewed 10808 times
geefox
Posts: 65
Joined: Fri Sep 29, 2017 6:43 pm

Re: expired user password

Post by geefox »

ok, think there is a strange behaviour - tried it on our 2016 test rds server without a broker.

after login, the user receives the message to change password -> hit ok -> and then the loginscreen in attachment2 appears - but its not possible to login

maybe its a CredSSP thing - going to try a few things
Attachments
1.JPG
1.JPG (157.75 KiB) Viewed 10800 times
2.JPG
2.JPG (77 KiB) Viewed 10800 times
3.JPG
3.JPG (84.07 KiB) Viewed 10800 times
geefox
Posts: 65
Joined: Fri Sep 29, 2017 6:43 pm

Re: expired user password

Post by geefox »

tried to change credssp to rdp - but also with no luck.
do you have any special configuration?

Update: I only receive the dialog, if I try to login to testserver via windows 10 notebook and mstsc, than the dialog appears and I'm able to change the password.
If I try to login via wtware on raspberry, the dialog won't appear
Last edited by geefox on Tue Jan 23, 2018 7:23 pm, edited 2 times in total.
akatik
SUPPORT
SUPPORT
Posts: 630
Joined: Mon Jan 17, 2005 6:30 pm
Contact:

Re: expired user password

Post by akatik »

I have no special configuration. I installed server. Configured static IP. Installed remote desktop role. Added local user. Disabled NLA in gpedit.msc. Changed date to expire password. As few clicks as possible.
Post Reply