OpenVPN client to site and change password domain user
-
Hello everyone, I have a VPN on pfSense with OpenVPN configured client to site, and everything works perfectly, but I have a big problem: when Windows asks for a password change, if the Windows PC is inside the company and therefore connected to the domain, it works, but if the operator is at home working in smartworking then the password obviously doesn't change and it is changed only on the local PC, and if I connect the VPN I don't see the network because the passwords don't match.
How can I fix it? On OpenVPN I configured single users; I have not connected the users to the domain. If I do this, does the password change then work when the VPN is connected? -
Can we assume OpenVPN is authenticating against AD and Windows password changes are supposed to be set there?
This seems like something Windows would have to solve. And there probably is a solution already. -
@stephenw10 Hi, thanks for the answer.
No, OpenVPN authenticates via preconfigured users from System->User Manager -
@miami71it
Is the domain controller even reachable over the VPN? -
Mmm, if this isn't a chicken/egg type problem then just allow remote hosts to connect to the DC. Changing the password on the client shouldn't prevent the VPN connecting if it's using a local user list.
-
@stephenw10 But the users are enabled, and the PCs are all connected to a domain. When I'm in the office it works great; when I'm in smartworking it doesn't, because when they turn on the PC, Windows asks them to change their password, but the connection to OpenVPN takes place after the change. Therefore Windows changes the password locally, but then they don't get into the network shares because the domain has not received the password change.
-
Hmm, well that still sounds like a Windows problem. Nothing pfSense can do about that. I do recall some discussion of running the OpenVPN client as a service so it's connected before login. That should be here on the forum somewhere.