cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

153
Views
5
Helpful
2
Replies

ISE as RADIUS server for VPN doesn't allow password changes

OK, been working on this a while and I'm down to just a few more items.

 

I am using a 5510 as a VPN server for multiple clients.

I can connect into my network BUT,

If I set the user account on ISE to force a password change, the login process is not working.

The user doesn't get any indication to change their password. When I look up the transaction in the RADIUS log I get 5400 Authentication failed with reason 24203 User need to change password.

 

What am I doing wrong.

 

I also tried this using RADTEST from ACS and I get the same thing. No indication or message to change password.

 

Thanks

Joe

2 REPLIES 2
Highlighted

Re: ISE as RADIUS server for VPN doesn't allow password changes

Hi Joe,

 

Check on the Tunnel Group whether the command password-management is present.

 

Refer: Password Change on 1st Login for Locally Created User

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Re: ISE as RADIUS server for VPN doesn't allow password changes

Yep, I found that a few days ago and that was the reason.

Thanks