on 10/24/2010 – Made popular on 10/24/2010
I have an ADFS 2.0 server set up to use Smart Card authentication.
It works great if the user already exists in the AD, or isn't disabled.
Slight background: we operate an Active Directory forest that uses a third-party PKI for user authentication. We don't have a trust to the original AD, just the PKI, so user accounts will be created on an as-needed basis.
Disabled a standard user account but did not opt to delete files. Later, tried to enable the account. At that time, a password had to be selected so entered a different one from the earlier one. Now, at the log-in screen the user account appears but cannot log in using the new password or the old password. Tried many tricks but still could not let the user log into the account.
We have a test server that does allow challenge-response authentication. I don't want to disable that, but when I create a new user account I ask users to send me a public key, and want to force users to set the password the first time they log in with keypair authentication.