ID vault / pwdresetsample

Hello,

I'm having some trouble with the pwdresetsample.nsf application and pwd synching.

When a user opens pwdresetsample.nsf (IE 8) and then fills in the new password (twice), it changes the web pass but the Lotus Notes pass doesn't change.

I get the same behaviour when, in LN admin (8.5.1 FP4), I try to reset someone's pw using the Tools menu (having the user's person doc selected), IDVault / change user password. Only the web pwd changes. That user does have his ID in the vault.

NSL is used; both OS and LN passwords are synched. Again, if I change the Windows password, it does change the LN password to stay in synch, but the iNotes pwd isn't changed.

Server is 8.5.1, no fix pack installed yet.

I'm clearly missing something, but I don't know what.

Thanks

Subject: Question about NSL

First, a question about NSL:

When you say NSL, do you mean the new “Notes shared login” feature introduced in 8.5? Or are you using the older “client single logon” feature, which had to be installed?

With Notes shared login, the ID is no longer protected by a password, but through a different mechanism. The Notes and Internet syncing feature cannot be used with the new Notes shared login.

Subject: NSL

Yes, I do mean Notes shared login. Looks like I missed the part about there being no synching between iNotes and LN when using NSL …

Is there another way to have Windows / LN / iNotes passwords synched?

Thank you

Subject: Using a single password

With the new Notes Shared Login, there’s no reason to synchronize the Windows and Lotus Notes passwords. The ID file is no longer protected using a password, but through a Windows mechanism which takes advantage of the Windows login credentials.

Instead of synchronizing the Windows and Domino Internet passwords, you may be able to use the Windows credentials in Active Directory to authenticate to Domino via HTTP. The following link describes this at a high level:

http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_PLANNING_TO_USE_DIRECTORY_ASSISTANCE_FOR_INTERNET_CLIENT_AUTHENTICATION_STEPS.html

In general, it is better to use a single password (such as the one stored in AD) rather than trying to keep multiple passwords (Notes, iNotes, Sametime, etc) in sync.

Subject: FYI

If I refer to the wiki, synching IDVault and iNotes is possible with an 8.5.1+ server:

http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Notes_ID_vault_on-the-go_and_integration_with_other_programs

"Synchronization of ID files happens automatically when necessary as soon as a user provides a password to perform a secure mail operation to an 8.51 or higher mail server, such as sending a signed message or reading an encrypted message. "

Subject: ID vault synchronization

Beginning in 8.5.1, Lotus iNotes can also use the ID vault and take advantage of its ID management features. For example, if a user forgets his Notes password, the helpdesk can reset the user’s password in the vault, and the user can use that new password in iNotes to read encrypted mail. The ID vault can also be used to synchronize the Notes ID and the ID used by iNotes, after the user has provided the correct Notes ID password. However, note that the Notes ID password is different from the Internet password.

You can turn on Notes ID and Internet password syncing with a Security Policy setting. When a user’s policy specifies that these passwords will be sync’d and the ID is stored in the ID Vault, changing the user’s Notes ID password in iNotes or Notes will cause the user’s Internet password to be updated to the same value. However, you cannot use the Notes and Internet password syncing with an ID enabled for Notes Shared Login, as there is no longer a password used on that copy of the Notes ID and therefore you cannot synchronize the passwords.