欢迎来到天天文库
浏览记录
ID:40916662
大小:1.77 MB
页数:13页
时间:2019-08-10
《在Juniper SSL VPN中实现更改windows域用户的密码》由会员上传分享,免费在线阅读,更多相关内容在教育资源-天天文库。
1、在JuniperSSLVPN中实现更改windows域用户的密码Composedbyfzhongjie示意图如下使用的版本AAAServerWindows2003R2SP2EngSA40006.0R3MyPCWindowsXPSP2withIE6SP2设置windows2003安装完windows后,将系统升级为域控制器。安装证书服务组件13打开windows防火墙的TCP636端口和TCP389端口打开域的安全策略管理器,修改密码策略13其中密码历史保存记录最好设为0passwordremembered,这样用户就不能使用旧密码登陆了。最小的密码有效时间最好设为0,
2、这样用户可以立即修改自己的密码。其余可以按需设置。13设置完成后,必须重启域控服务器。在试验中,我另外添加了一个管理员帐号。帐号的Displayname为ZhongjieFan,隶属于Administrators组,在asia-link的OU中。13JuniperSA的设置建立一个LDAP认证服务器13建立role,realm和role-mapping1313确认realm中的passwordmanagement是否打开测试在普通用户界面测试用户密码是否能被修改13如果需要用户在首次登陆时修改密码,可以在windows的活动目录用户和计算机管理器中修改相关属性。参考I
3、VE6.0中的Help13Authenticationanddirectoryservers>ConfiguringanLDAPserverinstance>EnablingLDAPpasswordmanagementEnablingLDAPpasswordmanagementTheIVEpasswordmanagementfeatureenablesuserswhoauthenticatethroughanLDAPservertomanagetheirpasswordsthroughtheIVEusingthepoliciesdefinedontheLDAPserv
4、er.Forexample,ifausertriestosignintotheIVEwithanLDAPpasswordthatisabouttoexpire,theIVEcatchestheexpiredpasswordnotification,presentsittotheuserthroughtheIVEinterface,andthenpassestheuser’sresponsebacktotheLDAPserverwithoutrequiringtheusertosignintotheLDAPserverseparately.Users,administr
5、ators,andhelpdeskadministratorswhoworkinenvironmentswherepasswordshavesetexpirationtimesmayfindthepasswordmanagementfeatureveryhelpful.Whenusersarenotproperlyinformedthattheirpasswordsareabouttoexpire,theycanchangethemthemselvesthroughtheIVEratherthancallingtheHelpDesk.Thepasswordmanage
6、mentfeatureenablesuserstochangetheirpasswordswhenpromptedoratwill.Forexample,duringthesign-inprocess,theIVEmayinformtheuserthathispasswordisexpiredorabouttoexpire.Ifexpired,theIVEpromptstheusertochangehispassword.Ifthepasswordhasnotexpired,theIVEmayallowtheusertosignintotheIVEusinghisex
7、istingpassword.Afterhehassignedin,hemaychangehispasswordfromthePreferencespage.Thepasswordmanagementfeatureenablesuserstochangetheirpasswordswhenpromptedoratwill.Forexample,duringthesign-inprocess,theIVEmayinformtheuserthathispasswordisexpiredorabouttoexpire.Ifexpired,theIVEpro
此文档下载收益归作者所有