Virtual Learning Platforms Thread, [Frog] AD authentication problems. in Technical; Just come up against something very strange recently with the AD authentication of our Frog box. We noticed that one ...
26th May 2012, 12:19 AM #1
[Frog] AD authentication problems.
Just come up against something very strange recently with the AD authentication of our Frog box. We noticed that one student was logging into Frog as someone else in order to access the network home drive. Immediately we changed the victims password thinking that that was job done. Except that I then saw the student still logging in as the victim. I then tried logging in as the victim with their old password and indeed I was allowed in. I then thought I had made a mistake and changed the wrong users password. So I logged on to a computer (not Frog) as the victim with their old password and it failed, then I tried the new password and it worked.
I have since replicated this problem. By:
Created a test student in AD and set a password (A).
Create the matching user in Frog with random password and AD authentication ticked.
Log into Frog with password A. It works.
Reset the password (B) in AD and wait for AD replication to happen.
Log into Frog with password A. It still works.
Try a different browser and log into Frog with password A. It still works.
Try yet another browser and log into Frog with password A. It still works.
Log into Frog with password B. It works.
Log into Frog with password A. It now fails.
Has anyone else seen this?
Would someone else have the time to try this out to see if it is just us?
Last edited by sjatkn; 26th May 2012 at 12:22 AM.
26th May 2012, 08:06 PM #2
our frog box imports our students for us and any changes to passwords replicate with no issues what version of frog are you using check in your toolkitas frog are known for breaking things with updates.
also do you have 2 dcs if so check to see if replication is working
we have main dc and a backup dc here and replication is working
i have noticed sometimes that the dc a users logs in from changes now and again
27th May 2012, 05:19 PM #3
Frog keeps a encrypted copy of all passwords in its database.
It checks against the Frog copy of password first and only if it fails it will try the password against AD using LDAP.
Frog have designed it like this for speed so it dose not need to authenticate to your domain controlers every time.
Unfortunatly that means that if you change a password the old one will continue to work as its stored on Frog, up until the point you use the new one and it checks it via LDAP.
Thanks to MicrodigitUK from:
28th May 2012, 11:02 PM #4
That is what I suspected. Now to get Frog to confirm it also and put a timeout on the password cache!
Originally Posted by MicrodigitUK
I will now be adding an extra step to our password change policy to include logging into Frog using the new password.
8th October 2012, 09:52 PM #5
Did you get anywhere with this?
I've just been told (thirdhand!) that we've encountered this problem ourselves. Students who have just changed their passwords / had them changed can log into Windows fine as you'd expect - but if their attempt to then get into Frog then fails.
Seems our Frog platform is more-or-less relying very heavily on the cache and doesn't bother to refer to AD all that often - if the student waits an indeterminate period of time, they can eventually log in using their new password. Or they can log in again immediately using their old AD password.
You'd have thought that a fail in the request to cache for authentication would then prompt an immediate call to AD - but it doesn't seem to quite work that way in our case.
Last edited by TheCrust; 8th October 2012 at 10:02 PM.
By Stefletch in forum Office Software
Last Post: 10th February 2007, 11:00 AM
Last Post: 29th August 2006, 03:13 PM
By pooley in forum Wireless Networks
Last Post: 20th July 2006, 06:44 PM
Last Post: 28th June 2006, 07:15 PM
Last Post: 24th May 2006, 07:23 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)