Forum Discussion

Altostratus

Jun 21, 2017

Reset forgotten user password iRule = Sideband

Hi Guys, Just discovered the sideband technique. I'm looking into crafting an irule to reset a user password in Active directory. I'm using APM to get the user loginname. BigIP LTM 11.5.4. Here ...

application delivery

BIG-IP

BIG-IP Access Policy Manager (APM)

JoeTheFifth

Altostratus

Jun 21, 2017

My plan:

Build a lightweight IIS web site on my Web Server
Add code (C sharp) to reset password and Set the 'Change Password at next logon' based on a string (username) received in the query example :
Create an irule to perform a sideband connection => send the username and get a success result
go on with the APM policy if result is OK.
User will get a random password and will be asked to change it by APM on next logon

What do you guys think?

Daniel_W__13795

Nimbostratus

Jun 23, 2017

I recommend you to use cert based authentication to secure the link between F5 and IIS. This is the most secure way and easy to implement. You will find a good cookbook here: https://medium.com/@hafizmohammedg/configuring-client-certificates-on-iis-95aef4174ddb

You will then need to attach the client certificate on the server SSL profile of the sideband VS.

Good luck

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)