Forum Discussion
Sharepoint with APM and expired AD-passwords
The APM should be used to verify a client certificate and should pass the credentials of the SSO towards an AD.
Now the question came up: what happens if the password is expired (there is a global AD password policy that passwords must be renewed after 90 days)? The customer's preferred option would be that the BIG-IP should handle this as well. As far as I know, there is an event within APM which can be triggered when such a password-expired message comes from the AD. But what to do next?
Has anyone already configured such a scenario? If not, are there any useful ideas or hints which we can use or search for?
Thank you!
Ciao Stefan :)
- Stefan_Klotz (Cumulonimbus): During further investigation, including several F5 documents, I found the following:
- Chris_Miller (Altostratus): Thanks for reporting back, Stefan! Let us know if you run into any issues.
- Maynor_Ovalle (Nimbostratus):
Ran into the same issue, but this time it is a little bit different. Since you can only have one domain controller on an APM AAA AD Authentication profile, the workaround is to set up a VS and a pool of Domain Controllers, so we have the VS:0 and pool members:0, and under the APM policy we say "Authenticate using AD Virtual Server" we created. This is working great for authentication, but when a user needs to change their password because the AD password credential expired, APM prompts the user to change the password, but it fails and the user is stuck in that loop where they enter the credentials and the new password does not get changed.
So the situation is the same as above but we are using a VS to be able to authenticate to multiple AD servers by load balancing. Any ideas?
- giorgio_32761 (Nimbostratus): Hi all, have you solved the problem of the expired password? I have the same configuration presented by Maynor, no way to change an expired password; the APM log says:
- Ben_Cuthbert_90 (Historic F5 Account): Check your administrator password. In 10.2, for example, it became case sensitive: http://support.f5.com/kb/en-us/solutions/public/12000/500/sol12522.html?sr=18225457
- Mark_van_D (Cirrostratus): Hi all, I've also got the same setup as Maynor. When pointing the APM straight to a Domain Controller, the password change works correctly. But when it's going through the VS it fails (I tried just having a single Domain Controller in the pool, but that still fails). The admin password is correct. Do I need to join the F5s to the domain?