Hi all, I've recently set up Cisco AnyConnect on a Cisco 5525X appliance running ver 9.14(1)10. I'm using RADIUS via Cisco ISE v2.7, which is connecting to Active Directory.
I've come to configure password resets for users with expired passwords. I have done this by enabling "password management" in the tunnel-group/Connection Profile. The prompt correctly appears and allows the users to change their password on clientless or via the AnyConnect client. However, as soon as they do this they can no longer authenticate; they get 'authentication failed'. If I remove the command "password-management" in the tunnel-group/Connection Profile then they can log in no problem.
We are using secondary authentication with an RSA appliance.
In the ASA logs I can see the AAA user authentication Rejected : reason = AAA failure : server = 10.0.110.10 : user = ***** : user IP = *.*.*.*
When I check the RADIUS logs on Cisco ISE they show up as authentication passed at all times.
There is nothing in the logs of the RSA appliance.
Any thoughts appreciated.