password-management anyconnect -> ASA -> ACS5.3 -> MS AD

gaigl
Level 3

Hello,

Does anybody know if the notification that the pw will expire in xx days works in the scenario named in the headline?

Anyconnect SSL-VPN (ver 3.1.xxx) terminating on ASA 5510, v 8.4.4, authentication: Radius to ACS 5.3 (over MSChapV2), IdentityStore: MS ActiveDirectory.

The password change (if the pw is set to "change at next logon") is working, even if there is a bug, too (on the AC client).

In the tunnel-group, password-management is enabled and notify is set to the default of 14 days.

Does the ACS interrupt the notification? I can't see any message in the ACS log or in "debug aaa common 255" or "debug radius" on the ASA.

Do you need any config or debug-output?

Thanks

3 Replies

Tarik Admani
VIP Alumni

Karl,

You are referring to the TACACS password expiration notification. This is not the message that is used with RADIUS for internal users. Once the user's p/w expires it will prompt the user to change their password.

Thanks,

Tarik Admani
*Please rate helpful posts*

So, is this feature "password-management" only relevant for TACACS?

No,

The "password change notification message" in ACS is only used for TACACS password expiration. You can still use the password change feature on the ASA and the ACS.

Thanks,

Tarik Admani
*Please rate helpful posts*
