06-19-2012 07:32 AM
Hello, we are currenlty using captive portal for pupil laptops and mobile devices that are not joined to the domain to authenticate for internet access.
Does anyone know if you can use or setup captive portal that is a users active driectoy account and been set to change that this can be done via captive portal with out them having to go to a school pc joined to the domain just to change there password.
we are currenlty running pan os 4.1.6.
Many Thanks
Darren
11-05-2012 08:08 PM
I am not sure if I have got the question right but as far as I can understand you are looking to change the password of the users belonging to an active directory from the captive portal page, which is not possible. let me know if I got it wrong or you need more information.
Thanks,
Sandeep T
11-05-2012 01:26 AM
No Answer from PAN.
dislike!!! :smileyminus:
Same question in here!
11-05-2012 08:08 PM
I am not sure if I have got the question right but as far as I can understand you are looking to change the password of the users belonging to an active directory from the captive portal page, which is not possible. let me know if I got it wrong or you need more information.
Thanks,
Sandeep T
11-27-2012 08:52 AM
Hi Sandeep,
that was the question.
Are there any plans to fix/implement this?
Because we are using the captive portal for a lot of external consultants they are temporary working for us with their own equipment.
At the moment we have to ask them to logon with their AD-Account and the password given bye us to a machine in our company so that they are able to change the password first.
Sebastian
11-27-2012 09:36 AM
That sounds somewhat risky because the PA would need to be domain admin in order to change passwords of users (or whatever that role is called nowdays in AD) but should be doable if you add a custom link to the captive portal page which goes to your internal server (on DMZ or such) where you have a script that takes username, current pass and new pass as input (and hopefully some other security measures on the road).
11-27-2012 06:38 PM
One trick I have used in a similar situation is using Outlook Web Access. Users can change password from there.
Bob
11-28-2012 09:03 AM
you don't need to be domain admin to change password. you generate a token from old password with new password and it's done.
PA doesn't handle complex AD stuff right now : they simply pass tokens without really analysing them. May be a feature request could help in mid term future
11-28-2012 12:52 PM
Yeah, sorry... dunno where that brainfreeze came from.
Of course one only need current user/pass to alter the password of a specific user 🙂
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
