Solved

Password expiration warning

Posted on 2004-08-28
12
962 Views
Last Modified: 2012-06-21
In the Netware world, it's common to use "gracelogins": When the password *has* expired, the user can log in some number of times.  

I'd like to disable "gracelogins", and use a model based on "early warnings" instead: Upon login, the system should warn the user if the password is *about* to expire: If it will expire in some number of days.

The question is: Does the Novell Windows client contain such functionality? If not, which kind of add-on software can solve this? Free software alternatives are preferred.
0
Comment
Question by:astrand
  • 5
  • 3
  • 2
12 Comments
 
LVL 35

Expert Comment

by:ShineOn
ID: 11923438
I haven't done forced changes lately, but when I did a few years ago, it seems to me that it would warn that your password was going to expire, before actually saying it was expired.  Maybe I'm thinking of something else.

Are you saying that you are not using the Novell Client32, or that you are and want to know if there's a setting to change on the client side for this?

What version of the Novell Client32 software are you using, and what version of NetWare are you running?
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11923989
Short answer: Yes. Sort of.

Long answer: Yes - altho you didn't bother to specify your version of NetWare, or the exact client platform, or the version of the NetWare Client, the NetWare client has had this functionality for literally decades, since the days of the DOS monolithic client (the one you had to compile on-site, remember that?). You do this using login script commands. However: if you, as most people in the Windoze environment do, hide or quickly close the login results screen, then the user is not going to see the warning.

You can, in the login script, print a warning message to the user, like so:

WRITE "You password will expire in %PASSWORD_EXPIRES days"

If you do hide the login results screen (or have it close as soon as the script completes, which on most systems amounts to the same thing), then you might do better to test the value of PASSWORD_EXPIRES and if it is below a certain point, execute an external program to put a message on the user's screen, like so (mind you, its been years since I've done this sort of login script programming, so treat this as pseudo-code and not actually ready-to-be-run code):

IF %PASSWORD_EXPIRES < 5 THEN
  @POPUP_PROGRAM_NAME_HERE Your password will expire soon! Click the red N to change it!
ENDIF

Here's a helpful page for the Windoze XP/NT v4.8-9 client that discusses the variables available and how to use them: http://www.novell.com/documentation/noclienu/index.html
0
 
LVL 2

Author Comment

by:astrand
ID: 11924525
I was hoping for a solution that would work on most recent Netware versions: different customers have different versions. NW 6.0 and 6.5 is most interesting.

For the client: We can assume that a recent version of the Windows Client32 is used: Something like 4.7 or newer. There's no need to support other client platforms right now.

>then you might do better to test the value of PASSWORD_EXPIRES and if it is below a certain point, execute an external program to put >a message on the user's screen,

Interesting. Anyone knows of a suitable external program?

Also, I forgot to tell: I want the users to be able to change password from the warning dialog. Is it possible to trigger Netwares native password change dialog from a script?
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 34

Expert Comment

by:PsiCop
ID: 11926097
Novell Client 32 v4.7 is *not* a "recent version" of that client. Its at least a year or so old, which makes it long of tooth, to say the least. Its not even a supported version. Latest is v4.90 SP2B (aka v4.90.2B) - support extends back to v4.8.

The solution I propose will work on practically every version of NetWare, from the ancient v3 days thru to now. The drawback is that, unless you leave the Client 32 login results screen open for users to read (meaning they gotta click OK to close it), the users will miss it.

For a suitable 3rd party app, I suggest you look at NetWareFiles.com, specifically the Login tools (http://www.netwarefiles.com/login.htm). I checked there quickly and noted WDisplay, which is a bit old --> http://www.virtualroberts.com/software/WDISPLAY.ZIP

You should probably also take a look at the password management utilities there --> http://www.netwarefiles.com/passmgmt.htm

Also check out http://www.portlock.com

I think it is possible to call the change password utility from the Login script....if you don't mind using the old DOS interface, just use @SETPASS (include the path if you want - I dunno your drive mappings or search drives). I'm not sure how to call the Windoze-pretty interface.
0
 
LVL 2

Author Comment

by:astrand
ID: 11926365
A DOS-like solution in the login results screen window is not acceptible; it must be a GUI. I've checked the links above, but cannot find anything like that.

So, I guess what I'm looking for is basically a GUI-variant of @SETPASS.

I'm raising to 400 points.
0
 
LVL 35

Accepted Solution

by:
ShineOn earned 400 total points
ID: 11926550
Spend $500 for WinBatch+Compiler and roll your own executable that will pop up a window and tell the user their password will expire in x days, giving them buttons to press or whatever, if they want to ignore it or change it or...

WinBatch can GUI-ize dang near anything you want, and has an extender made for modern NetWare.

If you want if for free, then you might find something on Cool Solutions that an admin has written already.   Like this one:  http://www.novell.com/coolsolutions/tools/1911.html

0
 
LVL 2

Author Comment

by:astrand
ID: 11926590
The PassXchk looks promising. But: The doc says the "passchg.exe" program should be included, but it's not!
0
 
LVL 2

Author Comment

by:astrand
ID: 11926618
0
 
LVL 2

Author Comment

by:astrand
ID: 11926816
I will probably accept ShineOn:s solution, but I'll need to test it first.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11942088
I didn't even get any points, so it didn't affect me, but I thot the grade was low. Glad to see the Asker is reconsidering.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Adding Computers to AD groups through an SCCM Task Sequence
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question