1 2 Previous Next 15 Replies Latest reply on Nov 21, 2008 10:29 AM by Arghs

    Single Sign-On

      Just wondering if others are having issues with single sign-on.

      It appears to work at first..after logging into SB, it logs straight into Windows for the user.
      However the fun begins when passwords are changed (in Windows).

      Windows Pwd = A, SB Pwd = A.
      I then change the password in Windows to B and force a manual sync.
      Machine is rebooted.
      SB does not accept B as pwd. It still accepts A.
      Single sign-on is attempted. Windows Does not accept A. B is accepted.

      This situation appears to correct itself after another reboot, however I do not want to confuse users with using old passwords and the like.

      Is anyone else experiencing this?

      Oh we r using B5300 (no we have not upgraded to 5400 yet), and clients r Win XP SP2.
        • 1. RE: Single Sign-On
          Is this on windows xp or vista?
          • 2. RE: Single Sign-On
            We currently have the same issue. When we originally deployed SafeBoot (Build 5140) the SafeBoot password would be synchronized to the new Windows password during a manual password change in Windows. This stopped working for some unknown reason and now SB and Windows passwords only synchronize on Windows logon. I haven't had the opportunity to research this issue yet but if I find anything I'll be sure and post.
            • 3. RE: Single Sign-On
              On machine properties, make sure that these options are checked...
              - SafeBoot logon component always active
              - Set SafeBoot password to Windows password
              - Must match Windows user name

              This should make your SB password update whenever they change their Windows password from a SB installed workstation (using normal password change).

              This may not however update their SSOPassword until the user logs in the next time, where SB will "learn" what their Windows credentials are (ID, Password, Domain).

              Don't kill me if the information is not perfectly accurate. We just recently converted from 4.x to 5.x, so my 5.x knowledge may be incomplete.
              • 4. RE: Single Sign-On
                ah... password sync.. to make the issue worst... some of our users have multiple account... when they change password, they will log off windows and log back in to change others... in result... SafeBoot will not pickup the password where the user ID is different from Windows....

                PS: due to some reasons, I am not "allow" to use "Require SafeBoot Logon" or "Require SafeBoot re-Login" options...

                So, to "fully" solve your problem, you need to enable pretty much every option in Windows Option under Machine Properties... grin
                • 5. RE: Single Sign-On
                  I have tried having all of the Windows Options on.
                  Same result really.

                  But from what you guys are telling me, seems that the SSO password is only ever updated when it sees the Windows login box.

                  So inevitably, if a user changes the password in Windows, and then re-boots - the SafeBoot login screen will require the old password (as SB has not seen the Windows login box just yet).

                  Sounds right?

                  Hmm might have to check out B5400..see whats new.
                  • 6. RE: Single Sign-On
                    To verify if a users windows password has been captured after a windows password change, do a sync and look for
                    10/20/2008 3:37:50 PM Updating database SSO info with local changes for user (ID=00000114)

                    If you do not see that message, safeboot did NOT capture the password during the password change.

                    If that is the case, lock the workstation via ctrl alt del and unlock it, providing the new windows password.

                    Sync again and this time you SHOULD see the message from above. If you still don't see it, you are probably going to have to do a reboot and go through the windows login screen to get the password recaptured.

                    Note: On Vista, I have not had safeboot be able to capture the windows login from the login screen. It has only worked on a lock / unlock of the workstation.

                    Note: If you change the password on the domain through AD Users and Computers (ie NOT on the local workstation) or other method, you should also go into the safeboot admin console, right click on the user, select 'Set SSO Details' and select clear. This will force safeboot to forget the previously cached credentials which contains the old windows password.
                    • 7. Vista SSO
                      for vista SSO, you also need to make sure you check the box "require safeboot logon" under the general/windows logon section.
                      • 8. RE: Vista SSO
                        SafeBoot should synch the password with the SbFS when you change your Windows password. This works in my environment both at a logon password change and at a CTRL+ALT+DEL password change. Are you using the MSGINA (Windows GINA) or are you using some other vendor such as Cisco or Netware?
                        • 9. RE: Vista SSO

                          Using standard Windows GINA here.
                          Anyway given up for now. We are forcing users to login twice.
                          1 2 Previous Next