https://community.cisco.com/t5/wireless/eap-fast-acs-cssc-ad-password-changes/m-p/857601#M11004 <P>We have been using 802.1x machine and user authentication via MS built-in supplicant (PEAP, MSCHAP-v2) and MS IAS (radius) backend on a wired network for about a year.</P><P></P><P>We recently migrated our 802.1x platform to CSSC 4.2 and ACS 4.1. </P><P></P><P>I soon discovered that when MS AD informs the user that their password requires changing (after 30 days due to GP), the user happily changes their password, and soon after, CSSC authentication fails. A reboot and subsequent Logon resolves the problem. </P><P></P><P>It seems CSSC has cached the initial logon details and has not updated itself when the password change took place?</P><P></P><P>Has anybody else experienced this problem and discovered a solution?</P><P> </P> Sat, 03 Jul 2021 21:52:55 GMT toddsandery 2021-07-03T21:52:55Z https://community.cisco.com/t5/wireless/eap-fast-acs-cssc-ad-password-changes/m-p/857601#M11004 <P>We have been using 802.1x machine and user authentication via MS built-in supplicant (PEAP, MSCHAP-v2) and MS IAS (radius) backend on a wired network for about a year.</P><P></P><P>We recently migrated our 802.1x platform to CSSC 4.2 and ACS 4.1. </P><P></P><P>I soon discovered that when MS AD informs the user that their password requires changing (after 30 days due to GP), the user happily changes their password, and soon after, CSSC authentication fails. A reboot and subsequent Logon resolves the problem. </P><P></P><P>It seems CSSC has cached the initial logon details and has not updated itself when the password change took place?</P><P></P><P>Has anybody else experienced this problem and discovered a solution?</P><P> </P> Sat, 03 Jul 2021 21:52:55 GMT https://community.cisco.com/t5/wireless/eap-fast-acs-cssc-ad-password-changes/m-p/857601#M11004 toddsandery 2021-07-03T21:52:55Z https://community.cisco.com/t5/wireless/eap-fast-acs-cssc-ad-password-changes/m-p/857602#M11005 <HTML><HEAD></HEAD><BODY><P>Does this happen everytime you logon with new password?</P></BODY></HTML> Wed, 07 Nov 2007 22:27:32 GMT https://community.cisco.com/t5/wireless/eap-fast-acs-cssc-ad-password-changes/m-p/857602#M11005 2007-11-07T22:27:32Z https://community.cisco.com/t5/wireless/eap-fast-acs-cssc-ad-password-changes/m-p/857603#M11006 <HTML><HEAD></HEAD><BODY><P>Well, whenever a password change is required by AD (once every 30 days). ACS then reports "Invalid Protocol Data" when the next 802.1x reauthentication occurs soon after the AD password change. The remote agent log shows the authentication as successful. Rebooting the PC resolves the issue for another 30 days but this is not acceptable.</P><P></P><P>I'm using ACS 4.1.1.23.p5 CSSC 4.2.0.6187 and CTA 2.1.3.0</P><P></P><P></P></BODY></HTML> Wed, 07 Nov 2007 23:11:10 GMT https://community.cisco.com/t5/wireless/eap-fast-acs-cssc-ad-password-changes/m-p/857603#M11006 toddsandery 2007-11-07T23:11:10Z