Hi,
I am having this issue with the password management on the ASA. Everything on the ASA is configured according to the Cisco document. Now the issue is that when I log in using the AnyConnect client or using the webvpn, it does not prompt me that my password is to expire in x number of days. I have tried it with all the different numbers of days, but it still would not work. When I did a debug to find out about the password management, I could see that it was getting the attributes from the LDAP server, except the password expiry details.
now: Thu, 19 Jul 2012 17:05:47 GMT, lastset: Thu, 19 Jul 2012 17:05:33 GMT, delta=14, maxage=159663333 secs
[279] expire in: -1080764968 secs, 37201 days
This is somewhat of an issue, as on the LDAP server my user account has been set to have the password changed in 5 days and the same was done on the ASA, but I still was not prompted about it.
When looking at the debugs, it shows most of the attributes that are configured for the user, but when it comes to the password management, it just does not seem to be getting that attribute from the LDAP server. We are using Windows 2008 and AD 2008 server for it.
I would really appreciate it if I got some help in solving this.
Thanks,
Kalpesh