Captive Portal & Active Directory Password Change

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Captive Portal & Active Directory Password Change

Not applicable

Hello, we are currenlty using captive portal for pupil laptops and mobile devices that are not joined to the domain to authenticate for internet access.

Does anyone know if you can use or setup captive portal that is a users active driectoy account and been set to change that this can be done via captive portal with out them having to go to a school pc joined to the domain just to change there password.

we are currenlty running  pan os 4.1.6.

Many Thanks

Darren

1 accepted solution

Accepted Solutions

I am not sure if I have got the question right but as far as I can understand you are looking to change the password of the users belonging to an active directory from the captive portal page, which is not possible. let me know if I got it wrong or you need more information.

Thanks,

Sandeep T

View solution in original post

7 REPLIES 7

L0 Member

No Answer from PAN.

dislike!!! :smileyminus:

Same question in here!

I am not sure if I have got the question right but as far as I can understand you are looking to change the password of the users belonging to an active directory from the captive portal page, which is not possible. let me know if I got it wrong or you need more information.

Thanks,

Sandeep T

Hi Sandeep,

that was the question.

Are there any plans to fix/implement this?

Because we are using the captive portal for a lot of external consultants they are temporary working for us with their own equipment.

At the moment we have to ask them to logon with their AD-Account and the password given bye us to a machine in our company so that they are able to change the password first.

Sebastian

That sounds somewhat risky because the PA would need to be domain admin in order to change passwords of users (or whatever that role is called nowdays in AD) but should be doable if you add a custom link to the captive portal page which goes to your internal server (on DMZ or such) where you have a script that takes username, current pass and new pass as input (and hopefully some other security measures on the road).

One trick I have used in a similar situation is using Outlook Web Access.  Users can change password from there.

Bob

you don't need to be domain admin to change password. you generate a token from old password with new password and it's done.

PA doesn't handle complex AD stuff right now : they simply pass tokens without really analysing them. May be a feature request could help in mid term future

Yeah, sorry... dunno where that brainfreeze came from.

Of course one only need current user/pass to alter the password of a specific user 🙂

  • 1 accepted solution
  • 4421 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!