1 2 Previous Next 19 Replies Latest reply on Oct 26, 2009 11:08 AM by SafeBoot

    safeboot-AD connector

      Hi ... Need some help badly here.... I finishd integrating ad connector and able to synchronize AD and safeboot passwords..... However, this is happening only after 2 reboots I.e. It takes 2 reboots for the AD password to synch with Safeboot password. Can this be achieved without the 2 reboots??....... Can we use SBAdmCl scripting to achieve this or just look out for some changes in .ini files??.... If it is really possible to achieve the requirement of avoiding 2 reboots, what design considerations should I take into account??..... Please let me know.----- PS: sorry for the format...I'm having slight difficulties with a non-working enter key on my mobile..... Thanks !!
        • 1. RE: safeboot-AD connector
          the AD connector is not involved in password sync, only user accounts.

          yes, you can use the API to set the password (if you know it, or can get the user to type it).
          • 2. RE: safeboot-AD connector
            While the sync doesn't happen at the connector level, you shouldn't need any reboots for it to notice the new password or even the existing password for first time users. It should work like this if you have SSO setup properly:

            1. User has generic first time password, by default it's 12345
            2. User enters username/12345 at Pre-Boot Auth Window
            3. User is dumped at Windows login screen and enters true AD password
            4. SafeBoot silently realizes that the password needs to be in sync and matches them
            5. Next time you reboot, your SafeBoot password should be your Windows password
            • 3. RE: safeboot-AD connector

              My issue is not with the connector or the password at this point anymore, it is with the Reboots.... Is it possible to Synch a password changed by using 'Ctrl+Alt+Del' combination to the Local Safeboot DB immediately instead of rebooting twice?

              Essentially, when I say rebooting twice, I mean the below steps:
              Assumptions: Old Safeboot password=A, Old Windows Password is B,null New Windows Password is C.

              Action1: User changes his windows password via 'Ctrl+Alt+Del'

              Action2: Windows Password changed from B to C. Next action Reboot.
              Reboot1: User presented with Safeboot logon & submits password A as C will not work.
              Reason1: (Win password not passed to SB)

              Action3: User authenticates to safeboot GINA successfully.
              Action4: Safeboot GINA tries to present the Windows credentials automatically but fails as it is using password A.
              Action5: User presented with Windows logon again.
              Action6: User enters password C

              Action7: User authenticates successfully to Win MSGINA. Next action Reboot.
              Reboot2: User presented with Safeboot logon & submits password C as A will not work.
              Reason2: Win password passed to SB now.

              Can Reason2 be achieved by avoiding Reboot1 & Reboot2.

              Hope this explains my situation a bit clearly.

              • 4. RE: safeboot-AD connector
                the password is changed locally as part of a ctrl-alt-del event - it requires no sync at all.

                I'm not sure what you are doing, but most likely you can work it out through the token data events in the client log. Possibly the time is out within your environment, and the token data is flowing the wrong way.
                • 5. RE: safeboot-AD connector
                  of course, this all assumes you have all the windows login options set right.
                  • 6. RE: safeboot-AD connector
                    You should not have to reboot twice. What do you have checked/unchecked on the General tab of the properties of the machine that you're testing with under Windows Logon and Miscellaneous?

                    Also, are you using the normal Windows XP GINA, or are you running something else?
                    • 7. RE: safeboot-AD connector
                      I havent changed anything on the Windows login options or did not tamper a bit with the Win MSGINA .... cant attach a screenshot:( for u to check as well....

                      I dont want to make this very confusing to understand.... but i hope you have understood the above steps I have mentioned and what I want to achieve.
                      • 8. RE: safeboot-AD connector
                        you need to tick some - at least the ones for password sync.

                        perhaps you can call your platinum support team and get them to help you?
                        • 9. RE: safeboot-AD connector

                          Could you list what you have checked/unchecked on this screen?
                          1 2 Previous Next