05-04-2009 09:10 PM - edited 03-10-2019 04:28 PM
The setup is a VPN Client 5.0 connecting using a VPN Concentrator 3015 (using RADIUS with password expiry). ACS is set up using an External DB (Windows2k3 DC) with MS-CHAPv1/v2 password changes enabled.
Everything is working. However, when a user's password is expired, the client does not prompt for a password change.
ACS can see the failed attempts as 'Authen-Failure-Code - Windows user must change password'. Without the prompt, however, the user cannot change his/her password.
Any feedback is welcome. Thanks.
05-05-2009 08:35 AM
Hi,
Please make sure it is configured as per this link,
Regards,
~JG
Do rate helpful posts
05-05-2009 06:32 PM
Hi JG,
Thanks for the reply. The exact guide has been followed as closely as possible (but not to the dot as some fields are missing due to version differences) but the issue persists.
Wondering if there's any known bug/gotchas for this spec:-
- Cisco ACS v4.2 (Running on 1113 SE)
- Win2K3 Enterprise/DC running ACS RA 4.2.0.124-k9 (isolated native domain - no child/trusted r'ship setup)
- VPN Concentrator 3015 v4.7.2
- VPN client 5.0.00.0340
Straight authentication is definitely ok - it's just the password expiry prompt not given. The system admin has assured me the AD is running ok but I wonder if there's any special configuration that we should be especially aware of (I have shown him this: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp311476 and was able to verify that the settings have been followed).
Any comment is welcome. Thanks.