We use NC17.1 with both the Windows and Android clients. All authentication is against our Windows AD via LDAP. AD password ageing is set at 90 days. For my internal users, this is not a problem as their domain connected PC informs them of the password expiry and they update it.
However for my external users, they rarely if ever connect to our AD domain in a manner that will inform them of the expiry. The issue is that when the password does expire, the Android client in particular, continues to attempt to login repeatedly and very very often. This causes my system monitoring tool to throw up critical alerts about locked accounts, 600 password attempts in the past 10 minutes etc and fills my inbox with security alerts. Multiply that by a large number of users and this is a problem.
I am addressing the password expiry notification issue with my external users but those passwords will continue to expire and these external users are notoriously poor at admin!!
My question. How does the user of the Android Client and/or Windows Client update the password on these clients?
The Windows client has the options of Add New, Logout, and Remove under the ‘Account’ button.
The Android client appears to have no other option but ‘Remove Account’.
The Windows Client help documentation does not mention password changes and I cannot find a user manual for the Android client.
Note: I do not wish to change the AD password via either app. This will be done via another secured method. The users just need the ability to update their password within either app to reflect the current password in AD.
Any assistance will be greatly appreciated.