Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1247
Views
2
Helpful
4
Replies

24407 User authentication against Active Directory failed

Arwa Albasari
Community Member

‎12-02-2024 12:43 AM

Hello,

I am implementing ISE 3.2, and facing an issue where users are unable to change their expired passwords. I receive the following error message:
24407 User authentication against Active Directory failed since user is required to change his password
I have already ensured that the "allowed protocols" configuration permits password changes. However, the problem persists. Has anyone faced a similar issue or can suggest a potential solution?

4 Replies 4

Mark Elsen
Hall of Fame
Hall of Fame

‎12-02-2024 02:20 AM

 

 - Can you also check  if the "Enable Password Change" option is set in the Active Directory settings"
    Administration > Identity Management > External Identity Stores > Active Directory > Advanced Settings.

  M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

Arwa Albasari
Community Member
In response to Mark Elsen

‎12-02-2024 02:40 AM

Yes, the "Enable Password Change" option is enabled, but the issue persists.

 
 
0 Helpful

ahollifield
VIP
VIP

‎12-02-2024 05:00 AM

Why are you using PEAP/MSCHAPv2 in 2024?  MS-CHAPv2 uses broken MD4 encryption.  You should move to TEAP using user and device certificates instead.

Arwa Albasari
Community Member
In response to ahollifield

‎12-04-2024 04:11 AM

If I use it, does it solve the problem?

0 Helpful
Customers Also Viewed These Support Documents