12-22-2010 07:56 PM - edited 03-10-2019 05:40 PM
Hi,
Now, My ACS and ASA connected with RADIUS(MSCHAPv2). I set up Password Lifetime on ACS and Password Management on ASA.But Cisco ASA doesn't has prompt change or notify anything when user try to login with Clientless SSL VPN. Could you advice me about user change or notify password expired?
PS.
I check change password on th first login on ACS that ASA propmt to change password dialog. But I want to change or notify when password expired
Thank you,
Solved! Go to Solution.
05-31-2011 10:50 PM
By default password is marked as disabled after expiry
I think there is an enhancement for this in patch 5.2.0.26.2 and higher that includes the following:
CSCtk32168: Add an option to change password when password expires (T+ and Radius)
After this patch is installed you get an option in the user authentication settings to either:
- Disable user account
- Expire the password
When expiry period is exceeded
If password is expired then user will be prompted to change password on next authentication
Note that latest patch for 5.2 is 5.2.0.26.4. All patches are cumulative
12-23-2010 01:32 AM
Hi ,
If our users are in Windows Database, then users will only be prompted for password change, when their password has expired, not before that.
We can get password expiration message before expiration, only in case we have configured LDAP server directly with ASA for
user authentication.
Regards,
~JG
Do rate helpful posts
03-12-2011 03:18 AM
05-31-2011 07:50 PM
Hi Jagdeep Gambhir,
I setup password lifttime in acs local users, but it doesn't prompt expired users try to access. I want to know that ACS 5.x can change password in local, or not?
05-31-2011 10:50 PM
By default password is marked as disabled after expiry
I think there is an enhancement for this in patch 5.2.0.26.2 and higher that includes the following:
CSCtk32168: Add an option to change password when password expires (T+ and Radius)
After this patch is installed you get an option in the user authentication settings to either:
- Disable user account
- Expire the password
When expiry period is exceeded
If password is expired then user will be prompted to change password on next authentication
Note that latest patch for 5.2 is 5.2.0.26.4. All patches are cumulative
05-31-2011 11:24 PM
Hi jrabinow,
I will try to upgrade my ACS to 5.2.0.26.4. Thank you.
angerninta
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide