cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2027
Views
0
Helpful
1
Replies

Cisco VPN, NT authentication, and password expiration

e.schliesing
Level 1
Level 1

I currently have users that access our Exchange servers via Cisco VPN client to my VPN 3030. Authentication is NT domain, and works great for most of us. The problem is my NT admin setup 250 more users, and set password expiration on next login. I was testing and found that the temporary login worked, I authenticated, and then I was re-challenged for another password. I know this to be the "your password have expired, please choose a new one" script. Problem is I cannot change the password via VPN client at all. So what do you do if your users will NEVER login physically into your LAN? Our Security Policy mandates a 30-day expiration.....

Suggestions??

1 Reply 1

bsaltbaek
Level 1
Level 1

Hi e?

One solution could be to setup an Windows web-server with SSL. Then create a 128-bit secure webpage where users could change their password.

For secure reasons you could let the server NOT be a member of the domain that the users are in and create an account in the domain for the webserver which just have the rights to change passwords and nothing else.

Regards,

Bjarne Saltbaek

IT Solution Provider

Kraks Forlag AS - www.krak.dk

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: