https://community.cisco.com/t5/network-access-control/acs-5-1-password-issue/m-p/1475557#M285509 <HTML><HEAD></HEAD><BODY><P>There is patch 3 that can be downloaded from CCO for ACS 5.1. Included</P><P> within the fixes is fix for following issue:</P><P></P><P> CSCtd99822 - AD users with expired passwords fail authentication</P><P></P><P>I think this covers the case you are describing</P></BODY></HTML> Wed, 23 Jun 2010 16:44:29 GMT jrabinow 2010-06-23T16:44:29Z https://community.cisco.com/t5/network-access-control/acs-5-1-password-issue/m-p/1475556#M285508 <P>Just seeing if anybody has this issue or can point me in the right direction.</P><P></P><P>We are running ACS 5.1 connected to AD.&nbsp; When a user changes their password in AD after it expires, they cannot get into anything that authenticates through ACS.&nbsp; No TACACS, no RADIUS.&nbsp; The error that comes up in the log on ACS is:</P><P></P><P>24407 User authentication against Active Directory failed since user is required to change his password</P><P></P><P>The catch is, as I said earlier, the user has already changed their password at this time.&nbsp; They can get into everything that requires AD authentication but it blocks them from TACACS and RADIUS which affects device access as well as VPN access.</P> Mon, 11 Mar 2019 00:12:42 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-password-issue/m-p/1475556#M285508 mmarvel 2019-03-11T00:12:42Z https://community.cisco.com/t5/network-access-control/acs-5-1-password-issue/m-p/1475557#M285509 <HTML><HEAD></HEAD><BODY><P>There is patch 3 that can be downloaded from CCO for ACS 5.1. Included</P><P> within the fixes is fix for following issue:</P><P></P><P> CSCtd99822 - AD users with expired passwords fail authentication</P><P></P><P>I think this covers the case you are describing</P></BODY></HTML> Wed, 23 Jun 2010 16:44:29 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-password-issue/m-p/1475557#M285509 jrabinow 2010-06-23T16:44:29Z