Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
370
Views
0
Helpful
0
Replies

Cisco ACS 5.x isn't sending a password reset prompt through RADIUS to my Pulse Secure MAG2600.

stephens112
Level 1
Level 1

‎01-13-2016 02:11 PM - edited ‎02-21-2020 10:30 AM

I have a pair of Pulse Secure MAG2600s that serve as my remote access (VPN) into my data center. I'm running my primary authentication for VPN access against OCSP checks and extracting the values of the CN and OU fields of the CERT to determine what role a user will be dropped in to. It's working great.

I have a Cisco ACS 5.7 setup as a RADIUS Server sitting behind my MAG2600s for second authentication.
The authentication is working as expected, but I can't get the 'password prompt' pushed through the pulse client and force the user to change their password when logging in for the first time. After speaking with Cisco, the ACS pushes the prompts through with MS-CHAP. I don't think my MAG2600 supports MS-CHAP. Can anyone think of an alternative or a work around on the ACS side or the MAG2600 (Junos based) VPN side. Or both?

Thanks in advance!

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents