
Tuesday, November 10, 2009

Why my head sometimes wants to explode

I found out the following the hard way today.

Right now we are in the middle of an Active Directory migration. I have Windows computers in our classrooms that authenticate to the old SunONE LDAP using an open-source product called pGina. The computers are joined to the domain, but most users don't have domain accounts yet.

A faculty member could not log into the classroom computer. A pGina error spit out "An unknown error has prevented your account from being created.\n\rThis may be due to policy or security settings as well as other machine configuration.\n\rPlease consult your administrator." Remember that no user object exists in AD for this user, so there are no password policies set in this case. He is also authenticating to SunONE. When I tested his username and password on a computer running pGina but not joined to the domain, I had no problems.

What we found is that the logins didn't like the dollar sign at the end of his password. We temporarily changed his password and found it worked, and then changed it back where it had problems again. I suggested to him that he change his password permanently.

It's weirdness like this that makes technology interesting. Or difficult. Take your pick.