Question

anomaly with Granular Password Settings

  • August 8, 2017


We have our Macs bound to AD (transitioning to NoMAD in the works). About 5 months ago we added a tiered password expiration based on password length using the following article:

http://techgenix.com/Configuring-Granular-Password-Settings-Windows-Server-2008-Part-1/

14 characters or longer get 365 days password expiration
all else 180 days

Now, after 5 months, users (with 14-character passwords), only upon reboot while directly connected to the network via Ethernet, are being prompted that their password is about to expire (they seem to be getting the default AD password policy), citing a 6-month expiration. This does not happen if the same user attempts to log in to a Windows machine.

To debug this I plan to do the following:
- attempt to check/set the precedence level on the password policies
- I've a startup application which runs tcpdump before the user logs in, in order to capture any password expiration settings that are exchanged.

Any thoughts?
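
For the precedence check in the debugging plan, an added example (not part of the original post, and not code from any vendor) that models how AD selects a user's resultant fine-grained password policy and computes the expiry date under both that policy and the domain default, so the two dates can be compared with what the Mac prompt and a Windows login report. It does not query AD: the DNs, PSO names, dates and dictionary layout are constructed assumptions, while the attribute semantics (`pwdLastSet`, `maxPwdAge`, `msDS-MaximumPasswordAge`, `msDS-PasswordSettingsPrecedence`) are the standard AD ones.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_DAY = 86_400 * 10_000_000  # AD stores time in 100-ns ticks

def filetime_to_dt(ticks):
    """pwdLastSet: 100-ns ticks since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def dt_to_filetime(dt):
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def age_to_timedelta(raw):
    """maxPwdAge and msDS-MaximumPasswordAge are negative tick intervals."""
    return timedelta(microseconds=abs(raw) // 10)

def resultant_pso(psos, user_dn, group_dns):
    """PSOs linked to the user beat group-linked ones; then the lowest
    msDS-PasswordSettingsPrecedence wins. None means the domain default."""
    direct = [p for p in psos if user_dn in p["applies_to"]]
    via_group = [p for p in psos if group_dns & set(p["applies_to"])]
    pool = direct or via_group
    return min(pool, key=lambda p: p["precedence"]) if pool else None

def expiry_dates(pwd_last_set, domain_max_age, pso):
    """Return (expiry under the domain default, expiry under the resultant policy)."""
    changed = filetime_to_dt(pwd_last_set)
    default = changed + age_to_timedelta(domain_max_age)
    effective = changed + age_to_timedelta(pso["max_age"]) if pso else default
    return default, effective

# Constructed sample data (hypothetical DNs, PSO names and dates).
USER_DN = "CN=jdoe,OU=Staff,DC=example,DC=test"
LONG_GROUP = "CN=LongPasswords,OU=Groups,DC=example,DC=test"
DOMAIN_MAX_AGE = -180 * TICKS_PER_DAY   # maxPwdAge on the domain root
PSOS = [{"name": "PSO-365-days", "precedence": 10,
         "max_age": -365 * TICKS_PER_DAY, "applies_to": [LONG_GROUP]}]
PWD_LAST_SET = dt_to_filetime(datetime(2017, 3, 1, tzinfo=timezone.utc))

if __name__ == "__main__":
    pso = resultant_pso(PSOS, USER_DN, {LONG_GROUP})
    default, effective = expiry_dates(PWD_LAST_SET, DOMAIN_MAX_AGE, pso)
    print("resultant PSO:", pso["name"] if pso else "domain default")
    print("expiry by domain default:", default.date())
    print("expiry by resultant PSO: ", effective.date())
```

On the domain side, the policy AD actually resolved for an account is exposed in the user's `msDS-ResultantPSO` attribute, which is the value to compare against the selection modelled here.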