Changing password of TACACS AD user in the switch CLI
06-01-2023 10:11 PM
Hi all;
I am using ISE 3.2 with Patch 2 in my environment. I am using the Device Administration module and have configured my Catalyst switches to use ISE as the central point for authentication. When the AD user tries to change their password, they see the following error message:
I have used the following checks and steps to resolve this issue:
- The AD user is configured with the "User cannot change password" option DISABLED.
- The AD join point works as expected.
- I chose the new password based on the password policy that is configured on the domain.
- The "Enable Password Change" option is enabled under the Advanced Settings for my AD join point.
- I have installed the latest patch (Patch 2) on my ISE.
Any ideas?
Thanks

06-04-2023 01:18 PM
Have you checked the ISE Admin Password Policy settings?
Administration > System > Admin Access > Authentication > Password Policy
06-04-2023 09:27 PM
Thanks for your reply;
For the sake of simplicity, I have disabled password policies on my demo lab.

06-04-2023 11:03 PM
Yeah sorry - that was the wrong question to ask. ISE doesn't get involved with the password complexity checking.
I guess we should ensure that the following checkbox is enabled:
And as for the password complexity, it seems that AD enforces that. I was able to change my AD password once via a TACACS login to a device. And thereafter it flat out refused me to change it to anything else. I wonder if AD is preventing me from doing that.
06-10-2023 01:30 AM - edited 06-10-2023 01:33 AM
Thanks for your reply;
I will do some tests and come back with the results soon...
11-10-2023 07:47 PM
@rezaalikhani: I agree with @Arne Bier that AD is the one that controls the password policy. See Windows Server Password Policy
11-08-2023 10:54 AM
@rezaalikhani Is your AD a Microsoft/Windows server?
11-10-2023 01:47 AM
Yes it is.
