Solved: Re: Change active directory password

ptenggren · ‎01-16-2008

Hi everyone,

I have a question that I hope you will answer for me. I'm running an ASA (8.0.2) and using the local Active Directory to authenticate the users while connecting with the VPN-Client and the Web SSL. So far so good, but is there any chances for the users to change the Active Directory password either from the VPN-Client or the Web SSL?

Kind regards

Per

acomiskey · ‎01-16-2008

This is the command you are looking for.

password-management

http://cisco.com/en/US/docs/security/asa/asa71/command/reference/p_711.html#wp1643267

Once enabled on the firewall all you have to do is make sure you are allowing mschap v2 in your remote access policy on IAS server.

When the user connects to the vpn and their password has expired, it will prompt them to change their password.

hostname(config)# tunnel-group group-name general-attributes

hostname(config-tunnel-general)# password-management

There is also a checkbox in the remote access policy in IAS to "allow user to change password after it expires"...check it.

See this post also...

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Virtual%20Private%20Networks&topic=Network%20Management&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbf3144

View solution in original post

acomiskey · ‎01-16-2008