Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
3693
Views
1
Helpful
5
Replies

self-reset password on windows with 802.1x enable

Go to solution
kriengsak.lomket
Level 1
Level 1

‎11-19-2019 05:59 PM

Hello there, 

 

I would like to ask around and pool some ideas on how other planets are doing in the self-service password reset area for windows user.

 

Do you implement this self-service password reset function for windows users? and what method that you deployed 802.1x network authentication for Cisco ISE - AnyConnet?

 

Is the machine authentication are secure than the user authentication option?

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-windows

 

General limitations saying ...

This feature does not work for networks with 802.1x network authentication deployed and the option “Perform immediately before user logon”. For networks with 802.1x network authentication deployed it is recommended to use machine authentication to enable this feature.

Any advice and experience greeting appreciated.

 

Best Regards, 

Kriengsak

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎11-22-2019 12:27 PM

Not sure really what you are going on here. If you're looking to do password reset for AD users in your domain that are using dot1x supplicant then likely you will not be able to do this. Its a limitation of the protocols and the software on the clients as well.

What most companies do is they setup a password change portal and notify the users well before the password expires.

https://www.google.com/search?sxsrf=ACYBGNQOfTondnRp_c0YiFmqVNJX27uAMQ%3A1574452709142&ei=5T3YXdmiCKek_QaysLz4BA&q=ise+password+change+dot1x&oq=ise+password+change+dot1x&gs_l=psy-ab.3..33i160.28750.29391..29645...0.2..0.232.1135.2-5......0....1..gws-...

Here are some threads on password change using google search
https://community.cisco.com/t5/identity-services-engine-ise/ise-dot1x-not-allowed-to-change-password-while-password-expired/td-p/3463385
https://community.cisco.com/t5/policy-and-access/users-can-t-change-password-since-802-1x-and-ise-implementation/td-p/2056965

View solution in original post

5 Replies 5

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎11-22-2019 12:27 PM

Not sure really what you are going on here. If you're looking to do password reset for AD users in your domain that are using dot1x supplicant then likely you will not be able to do this. Its a limitation of the protocols and the software on the clients as well.

What most companies do is they setup a password change portal and notify the users well before the password expires.

https://www.google.com/search?sxsrf=ACYBGNQOfTondnRp_c0YiFmqVNJX27uAMQ%3A1574452709142&ei=5T3YXdmiCKek_QaysLz4BA&q=ise+password+change+dot1x&oq=ise+password+change+dot1x&gs_l=psy-ab.3..33i160.28750.29391..29645...0.2..0.232.1135.2-5......0....1..gws-...

Here are some threads on password change using google search
https://community.cisco.com/t5/identity-services-engine-ise/ise-dot1x-not-allowed-to-change-password-while-password-expired/td-p/3463385
https://community.cisco.com/t5/policy-and-access/users-can-t-change-password-since-802-1x-and-ise-implementation/td-p/2056965

Go to solution
kriengsak.lomket
Level 1
Level 1
In response to Jason Kunst

‎12-06-2019 11:17 PM

thanks for stop by for the information, we managed to resolve the issue.

0 Helpful

Go to solution
TimPatrick-ADS
Level 1
Level 1
In response to kriengsak.lomket

‎02-25-2020 01:26 PM

Would you be able to share what you did to solve it, we are facing the exact same issue.

0 Helpful

Go to solution
v_cheriyan@qp.com.qa
Level 1
Level 1
In response to kriengsak.lomket

‎02-10-2022 01:01 PM

could you please let me know how this was sorted out

0 Helpful

Go to solution
Dércio Gulele
Level 1
Level 1
In response to kriengsak.lomket

‎07-14-2023 12:35 AM

Hi. 

How did you solve this issue, as I am facing the same problem.

Thanks,

0 Helpful
Customers Also Viewed These Support Documents
Top