Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1605
Views
5
Helpful
2
Replies

ISE as RADIUS server for VPN doesn't allow password changes

joseph.williams@atos.net
Level 1
Level 1

‎05-23-2019 04:37 PM

OK, been working on this a while and I'm down to just a few more items.

 

I am using a 5510 as a VPN server for multiple clients.

I can connect into my network BUT,

If I set the user account on ISE to force a password change, the login process is not working.

The user doesn't get any indication to change their password. When I look up the transaction in the RADIUS log I get 5400 Authentication failed with reason 24203 User need to change password.

 

What am I doing wrong.

 

I also tried this using RADTEST from ACS and I get the same thing. No indication or message to change password.

 

Thanks

Joe

Labels:
0 Helpful
2 Replies 2

Sathiyanarayanan Ravindran
Spotlight
Spotlight

‎05-30-2019 07:46 AM

Hi Joe,

 

Check on the Tunnel Group whether the command password-management is present.

 

Refer: Password Change on 1st Login for Locally Created User

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

joseph.williams@atos.net
Level 1
Level 1
In response to Sathiyanarayanan Ravindran

‎05-30-2019 09:10 AM

Yep, I found that a few days ago and that was the reason.

Thanks

0 Helpful
Customers Also Viewed These Support Documents