From users-return-26155-apmail-cloudstack-users-archive=cloudstack.apache.org@cloudstack.apache.org Mon Aug 1 06:36:14 2016 Return-Path: X-Original-To: apmail-cloudstack-users-archive@www.apache.org Delivered-To: apmail-cloudstack-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id AB54719E00 for ; Mon, 1 Aug 2016 06:36:14 +0000 (UTC) Received: (qmail 21530 invoked by uid 500); 1 Aug 2016 06:36:14 -0000 Delivered-To: apmail-cloudstack-users-archive@cloudstack.apache.org Received: (qmail 21480 invoked by uid 500); 1 Aug 2016 06:36:14 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 21468 invoked by uid 99); 1 Aug 2016 06:36:13 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 01 Aug 2016 06:36:13 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 54D90C1E37 for ; Mon, 1 Aug 2016 06:36:13 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.802 X-Spam-Level: X-Spam-Status: No, score=-0.802 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id M_pYJZ0yRdsw for ; Mon, 1 Aug 2016 06:36:12 +0000 (UTC) Received: from mail-pa0-f44.google.com (mail-pa0-f44.google.com [209.85.220.44]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 5CE825FCF3 for ; Mon, 1 Aug 2016 06:36:12 +0000 (UTC) Received: by mail-pa0-f44.google.com with SMTP id iw10so49653979pac.2 for ; Sun, 31 Jul 2016 23:36:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=9Rpq1bqaykciemzq85l1hBRMasLEhm5SS0kLG9aBSRM=; b=XZGrZqDhi4LoVpNR+M9K5fhIMv8qa/jYzFkDj/LePUmDQaVb9mx27a9bblLv9te3ne xh/Zb+TZX/Rezx/H+gC3fN4H0aX+Ob0BClrf20jxJt6E3j+j8wcAXX6TiRgv0skz71En IqG/o/w5OQVTEWP5mV/JFQUX6KvPKqxFf+QN7rNMWp7uMKmoU8k5d4cNw3gUP8nR2hDn Rx65LM2y8o8TnUcK9nTmF6bjkvVyEQ+222Q2s30bsyX9qOCFjbLvQLNU+S5xxvard466 /Tn33rj8dMcNKWGHwqssWc6EXMYZLi6tBAtwcvKBlWst2XSGPEZrZs2pYZRUM0bdIo7K dmuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=9Rpq1bqaykciemzq85l1hBRMasLEhm5SS0kLG9aBSRM=; b=Uh2cFXgQmwfrl9ga3QqdXGEwoV7cJ882+BXIQbFcVgQeu481jZfUFoTobdxJHSvCs/ 5StGz4PHVCHkQxbB6GEQGq4pcQCxTd9hPl/drqhb1pPCnwiKfpY9zijyElAWsMpu9VVA yHdoF4189g/jF/XpPIW6pQYvn2IAVkQieiYCta3ROzF4HVFqQnQKGsLlRJTvj/6c/L3f sQ3IA0zDKHyH5fNBfPikEAVwmwUmp/zsEztnAWRRX2CXHsuG7XYvb/syfiy6sLLNIqlM uXRIi119iv+EIDL9Og28D/2Q+Y2U56UQfneruQFUFBUf2mMA9JjfKF43ZwfwmnLHaqhe QUZw== X-Gm-Message-State: AEkoouu/u+1+bawdXI7bI6QdSlBeKx4mMw0vY3g7/M6Zge/YXpJcVwq5/RLJu3M/9EfNwA== X-Received: by 10.66.0.231 with SMTP id 7mr22751312pah.118.1470033364609; Sun, 31 Jul 2016 23:36:04 -0700 (PDT) Received: from [0.0.0.0] (dev1.cloudsand.com. [162.243.147.22]) by smtp.gmail.com with ESMTPSA id x184sm42268321pfd.70.2016.07.31.23.36.03 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 31 Jul 2016 23:36:04 -0700 (PDT) Subject: Re: LDAP (Active Directory) password concerns To: users@cloudstack.apache.org References: From: ilya Message-ID: <478c5e26-bd9e-5f28-60ed-a91bf532fc76@gmail.com> Date: Sun, 31 Jul 2016 23:36:02 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Marty see response in-line On 7/31/16 11:32 PM, Marty Godsey wrote: > The password has been changed. If I try to log onto a machine in the domain with the old password it tells me the password is incorrect. correct behavior If I use the new one, it logs me into the machine. also correct behavior There are only three accounts in the ACS instance: admin, bare-metal and testallow. Testallow is the LDAP account. not following where the issue might be > > > Regards, > Marty Godsey > > -----Original Message----- > From: ilya [mailto:ilya.mailing.lists@gmail.com] > Sent: Monday, August 1, 2016 2:29 AM > To: users@cloudstack.apache.org > Subject: Re: LDAP (Active Directory) password concerns > > Do you happen to have local account as well as ldap account set? > > It usually follows one authentication method (ldap) followed by another (local). Please confirm the passwords are different. > > I will be testing ldap this week and will let you know if i see this issue. I've used it in past, I'd be surprised to see this behavoiur, last i recall, we dont cache - and do a lookup to LDAP each time user tries to authenticate.. You should see this in the logs.. > > > Regards, > ilya > > On 7/31/16 11:01 PM, Marty Godsey wrote: >> Hello, >> >> I have a lab CloudStack that is authenticating to an active directory and it works great accept one thing. If I change the password on the AD user, ACS still allows the user to log into the ACS portal with the old AND the new password... >> >> Is there a refresh interval for LDAP accounts? Does it store a hash in the ACS database? Did I miss a setting? >> >> Regards, >> Marty Godsey >> >>