Forum Discussion

Altostratus

Jun 21, 2017

Reset forgotten user password iRule = Sideband

Hi Guys, Just discovered the sideband technique. I'm looking into crafting an irule to reset a user password in Active directory. I'm using APM to get the user loginname. BigIP LTM 11.5.4. Here ...

application delivery

BIG-IP

BIG-IP Access Policy Manager (APM)

JoeTheFifth

Altostratus

My plan:

Build a lightweight IIS web site on my Web Server
Add code (C sharp) to reset password and Set the 'Change Password at next logon' based on a string (username) received in the query example :
Create an irule to perform a sideband connection => send the username and get a success result
go on with the APM policy if result is OK.
User will get a random password and will be asked to change it by APM on next logon

What do you guys think?

Daniel_W__13795

Nimbostratus

Jun 23, 2017

I recommend you to use cert based authentication to secure the link between F5 and IIS. This is the most secure way and easy to implement. You will find a good cookbook here: https://medium.com/@hafizmohammedg/configuring-client-certificates-on-iis-95aef4174ddb

You will then need to attach the client certificate on the server SSL profile of the sideband VS.

Good luck

Forum Discussion

Reset forgotten user password iRule = Sideband

Recent Discussions

SSL cert bundle - how to extract the intermediate?

connect to cloudflare or cloud ec2 via SSLO

GSLB - Monitoring LTM VIP load balancing via iRule

Can iRule forward request to pool after ASM block without ASM:unblock ?

failed: Cannot contact any KDC for realm

Related Content

Simple Sideband - iRule sideband the easy way

Automate scp transfers using password

Password Safety & Security: Passwords vs. Passphrases

Forgotten Boa, Aurora botnet, Kerberos & Twitter - Nov 19th-25th - F5 SIRT - This Week in Security

iRules LX Sideband Connection