<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi!</p>
<p>Thank you very much for your reply.<br>
I compiled the package using VisualStudio 2017 community + Wix
3.11 + Wix extension,<br>
I changed in the solution properties to compile for 64-bit
architecture (filter dll was marked as 32bit).</p>
<p>Compilation went fine with no errors or warnings.</p>
<p>Installation on the server succeeded, I checked registry entries
and the file locations for the agent and filter, all fine,<br>
but the filter DLL cannot be loaded:</p>
<p>The password notification DLL
C:\Windows\System32\ADPasswordFilter.dll failed to load with error
126. Please verify that the notification DLL path defined in the
registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification
Packages, refers to a correct and absolute path
(&lt;drive&gt;:\&lt;path&gt;\&lt;filename&gt;.&lt;ext&gt;) and not
a relative or invalid path. If the DLL path is correct, please
validate that any supporting files are located in the same
directory, and that the system account has read access to both the
DLL path and any supporting files. Contact the provider of the
notification DLL for additional support. Further details can be
found on the web at <a class="moz-txt-link-freetext" href="http://go.microsoft.com/fwlink/?LinkId=245898">http://go.microsoft.com/fwlink/?LinkId=245898</a>.<br>
</p>
<p>I tried to add into the "Notification Packages" registry key
values:<br>
</p>
<p>ADPasswordFilter<br>
and with the full path:<br>
C:\Windows\System32\ADPasswordFilter.dll<br>
<br>
But it changes nothing.<br>
What are other requirements to make it work? C++ runtime? .Net in
specified version?<br>
I have installed Microsoft Visual C++ 2017 Redistributable and
.Net 4.5 and 3.5 but it still doesn't work.</p>
<p>Thanks!<br>
WS<br>
</p>
<div class="moz-cite-prefix">On 25.01.2019 at 20:02, Ezequiel
Alonso wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAORQm43BoTwKWfys4bhy9w+KfT9Hk19CrpP8k26eKspgm_j3PQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>Sorry,</div>
<div><br>
</div>
<div>I forgot to mention a manual installation step. With
regedit you must add "ADPasswordFilter" in "Notification
Packages" in
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa".</div>
<div><br>
</div>
<div>I take the opportunity to say that we have in our roadmap
the idea of encrypting the passwords and also adding a queue
of passwords for storing password changes when there is no
connectivity.</div>
<div><br>
</div>
<div>Thank you guys!<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Jan 25, 2019 at
15:29, Ezequiel Alonso (<a
href="mailto:ealonso@identicum.com" moz-do-not-send="true">ealonso@identicum.com</a>)
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>Hi,</div>
<div><br>
</div>
<div>Thank you for trying our password filter
version!</div>
<div><br>
</div>
<div>We wrote our own version because the one
contributed in 2014 was outdated and <br>
didn't meet our requirements.</div>
<div><br>
</div>
<div>This version is more modular. The DLL will
pass the user and password as parameters to the
agent placed in the path specified in the
registry in the "Agent" entry in
"HKLM\SOFTWARE\ADPasswordFilter" </div>
<div><br>
</div>
<div>You can try to compile the client and the dll
using Visual Studio 15 with the WiX Toolset
plugin for building the installer.</div>
<div><br>
</div>
<div>For manually installing the filter you must
follow the next steps:</div>
<div>
<ul>
<li>Copy the DLL to
"C:\Windows\System32\ADPasswordFilter.dll"</li>
<li>Copy the Agent to "C:\Program
Files\ADPasswordFilter\ADPasswordAgent.exe"</li>
<li>Create the file "C:\Program
Files\ADPasswordFilter\ADPasswordAgent.exe.config"
containing:</li>
<ul>
<li>&lt;?xml version="1.0"
encoding="utf-8"?&gt;<br>
&lt;configuration&gt;<br>
&lt;appSettings&gt;<br>
&lt;add key="BASEURL" value="<a
href="http://your-midpoint-instance:8080/midpoint"
target="_blank" moz-do-not-send="true">http://your-midpoint-instance:8080/midpoint</a>"/&gt;<br>
&lt;add key="AUTHUSR"
value="administrator"/&gt;<br>
&lt;add key="AUTHPWD"
value="5ecr3t"/&gt;<br>
&lt;/appSettings&gt;<br>
&lt;startup&gt;&lt;supportedRuntime
version="v4.0"
sku=".NETFramework,Version=v4.5"/&gt;&lt;/startup&gt;&lt;/configuration&gt;<br>
</li>
</ul>
</ul>
<ul>
<li>Run the following command as admin in the
command prompt:</li>
<ul>
<li>reg add "HKLM\SOFTWARE\ADPasswordFilter"
/v "Agent" /d "C:\Program
Files\ADPasswordFilter\ADPasswordAgent.exe"</li>
</ul>
<li>Reset the domain controller<br>
</li>
</ul>
<div><br>
</div>
</div>
<div>I also committed the installer to the github
repository recently.</div>
<div><br>
</div>
<div>Let me know if you have any issues with the
password filter.<br>
</div>
<div><br>
</div>
<div>Thank you!<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail-m_4322760203267745434gmail_attr">On
Fri, Jan 25, 2019 at 13:58, Jason Everling (<a
href="mailto:jeverling@bshp.edu" target="_blank"
moz-do-not-send="true">jeverling@bshp.edu</a>) wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Although we don't use password sync since
our users have to change their passwords through our
password app which syncs it everywhere else, I tested
the one from Identicum. The one donated to Evolveum is
very outdated, like 5+ years
<div><br clear="all">
<div>
<div dir="ltr"
class="gmail-m_4322760203267745434gmail-m_-590174702570220403gmail_signature">
<div dir="ltr">JASON</div>
</div>
</div>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr"
class="gmail-m_4322760203267745434gmail-m_-590174702570220403gmail_attr">On
Fri, Jan 25, 2019 at 10:47 AM Wojciech Staszewski &lt;<a
href="mailto:wojciech.staszewski@diagnostyka.pl"
target="_blank" moz-do-not-send="true">wojciech.staszewski@diagnostyka.pl</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Hi All!<br>
<br>
There are 2 independent midPoint password-agents for
AD.<br>
<br>
First made by Radovan from Evolveum:<br>
<a
href="https://github.com/Evolveum/midpoint-password-agent-ad"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://github.com/Evolveum/midpoint-password-agent-ad</a><br>
<br>
Second made by Identicum:<br>
<a
href="https://github.com/Identicum/midPointADPasswordAgent"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://github.com/Identicum/midPointADPasswordAgent</a><br>
<br>
I want to play with them, but unfortunately I cannot
compile the installers. Exe and dll files are compiled
ok.<br>
But I don't know how to install it manually (win2012
x86_64)<br>
<br>
I put MidPointPasswordFilter.dll into
c:\windows\system32 dir,<br>
then installed Microsoft Visual C++ 2010 x64
Redistributable,<br>
and modified registry
HKLM->SYSTEM->CurrentControlSet->Control->Lsa->Notification
Packages,<br>
<br>
but the DLL cannot be loaded:<br>
"The password notification DLL MidPointPasswordFilter
failed to load with error 126." &lt;- most likely
missing some dependencies.<br>
<br>
Does any of you have any experience with these agents?<br>
Maybe you have the installers compiled (for x86_64)
and can share them?<br>
<br>
Thanks<br>
WS<br>
-- <br>
Wojciech Staszewski<br>
Network Systems Administrator<br>
<a href="http://www.diagnostyka.pl" rel="noreferrer"
target="_blank" moz-do-not-send="true">www.diagnostyka.pl</a><br>
Diagnostyka Sp. z o. o.<br>
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków<br>
KRS number: 0000381559 (District Court for
Kraków-Śródmieście in Kraków, 11th Commercial Division of the
National Court Register)<br>
NIP: 675-12-65-009; REGON: 356366975<br>
Share capital: 33 756 500 zł.<br>
<br>
Think of the environment before you print this e-mail.<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
</div>
</blockquote>
</div>
<br clear="all">
<br>
-- <br>
<div dir="ltr"
class="gmail-m_4322760203267745434gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr"><b>Ezequiel Alonso</b><br>
<span style="color:rgb(102,102,102)">Identicum
S.A.<br>
<a
href="https://maps.google.com/?q=Jorge+Newbery+3226"
target="_blank" moz-do-not-send="true">Jorge
Newbery 3226, Buenos Aires, Argentina</a><br>
Tel: +54 (11) 4552-3050<br>
<a href="https://www.identicum.com/"
target="_blank" moz-do-not-send="true">www.identicum.com</a></span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br clear="all">
<br>
-- <br>
<div dir="ltr" class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr"><b>Ezequiel Alonso</b><br>
<span style="color:rgb(102,102,102)">Identicum
S.A.<br>
<a
href="https://maps.google.com/?q=Jorge+Newbery+3226"
target="_blank" moz-do-not-send="true">Jorge
Newbery 3226, Buenos Aires, Argentina</a><br>
Tel: +54 (11) 4552-3050<br>
<a href="https://www.identicum.com/"
target="_blank" moz-do-not-send="true">www.identicum.com</a></span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<pre class="moz-signature" cols="72">--
Wojciech Staszewski
Network Systems Administrator
mobile: 663 680 236
<a class="moz-txt-link-abbreviated" href="http://www.diagnostyka.pl">www.diagnostyka.pl</a>
Diagnostyka Sp. z o. o.
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
KRS number: 0000381559 (District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register)
NIP: 675-12-65-009; REGON: 356366975
Share capital: 33 756 500 zł.
Think of the environment before you print this e-mail.</pre>
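<p>Added example, not part of the original thread and not code from the Identicum or Evolveum projects: a PowerShell check of the installation points named in the messages above (the "Notification Packages" value, the DLL in System32, the "Agent" value and its .config file), which are the things to verify when LSA reports load error 126. The DLL name and registry paths are the ones quoted in the thread; the bitness test and the English principal names in the ACL check are assumptions of this example.</p>

```powershell
# Added example: pre-restart checks for an LSA password filter.
# Run in an elevated 64-bit PowerShell on the domain controller.
$FilterName = 'ADPasswordFilter'          # DLL and key names as quoted in this thread
$DllPath    = Join-Path $env:windir "System32\$FilterName.dll"
$findings   = @()

# 1. "Notification Packages" (REG_MULTI_SZ) lists DLL base names: no path, no ".dll".
$lsa      = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$packages = @($lsa.'Notification Packages')
foreach ($p in $packages) {
    if ($p -match '[\\/:]' -or $p -match '\.dll$') {
        $findings += "Entry '$p' carries a path or extension; use the bare name"
    }
}
if ($packages -notcontains $FilterName) { $findings += "'$FilterName' is not registered" }

# 2. The DLL must exist and match the OS bitness, because LSASS loads it in-process.
if (-not (Test-Path -LiteralPath $DllPath)) {
    $findings += "$DllPath not found"
} else {
    $bytes   = [System.IO.File]::ReadAllBytes($DllPath)
    $peOff   = [BitConverter]::ToInt32($bytes, 0x3C)        # e_lfanew
    $machine = [BitConverter]::ToUInt16($bytes, $peOff + 4) # IMAGE_FILE_HEADER.Machine
    $arch    = switch ($machine) { 0x8664 { 'x64' } 0x014C { 'x86' } default { 'other' } }
    if ([Environment]::Is64BitOperatingSystem -and $arch -ne 'x64') {
        $findings += "DLL is $arch but the operating system is 64-bit"
    }
}

# 3. The "Agent" value must point at an existing executable.
$agent = (Get-ItemProperty 'HKLM:\SOFTWARE\ADPasswordFilter' -ErrorAction SilentlyContinue).Agent
if (-not $agent -or -not (Test-Path -LiteralPath $agent)) {
    $findings += "Agent value missing or file not found: '$agent'"
} elseif (Test-Path -LiteralPath "$agent.config") {
    # 4. The config stores AUTHPWD in clear text; flag any extra readers.
    #    Assumption: English principal names; adjust on localized systems.
    $allowed = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'
    foreach ($ace in (Get-Acl -LiteralPath "$agent.config").Access) {
        $who = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $allowed -notcontains $who) {
            $findings += "Config file grants access to $who"
        }
    }
} else { $findings += "$agent.config not found" }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'All checks passed' }
```

<p>Error 126 is ERROR_MOD_NOT_FOUND, which LSA also returns when the filter DLL is present but one of the DLLs it imports cannot be resolved; the script above does not inspect the import table.</p>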
</body>
</html>