Cisco ACS 5.1 and ASA SSL VPN change or notify password expired

angerninta
Level 1

Hi,

Now my ACS and ASA are connected with RADIUS (MSCHAPv2). I set up Password Lifetime on ACS and Password Management on ASA. But the Cisco ASA doesn't prompt for a change or notify anything when a user tries to log in with Clientless SSL VPN. Could you advise me about user change or notify password expired?

[Attachments: Screen shot 2010-12-23 at 10.25.22 AM.png, Screen shot 2010-12-23 at 10.53.47 AM.png]

PS.

I checked "change password on the first login" on ACS, and the ASA prompts with the change password dialog. But I want to change or notify when the password has expired.

Thank you,

Accepted Solutions

By default, the password is marked as disabled after expiry.

I think there is an enhancement for this in patch 5.2.0.26.2 and higher that includes the following:

CSCtk32168: Add an option to change password when password expires (T+ and Radius)

After this patch is installed, you get an option in the user authentication settings to do either of the following when the expiry period is exceeded:

- Disable user account
- Expire the password

If the password is expired, then the user will be prompted to change the password on the next authentication.

Note that the latest patch for 5.2 is 5.2.0.26.4. All patches are cumulative.


Jagdeep Gambhir
Level 10

Hi ,

If our users are in Windows Database, then users will only be prompted for password change, when their password has expired, not before that.

We can get password expiration message before expiration, only in case we have configured LDAP server directly with ASA for user authentication.

Regards,
~JG


Do rate helpful posts


Hi,
   
If they are ACS local users, can the ASA change or notify password expiration message to users?


Hi Jagdeep Gambhir,

I set up password lifetime for ACS local users, but it doesn't prompt when expired users try to access. I want to know whether ACS 5.x can change password in local, or not?

Hi jrabinow,

     I will try to upgrade my ACS to 5.2.0.26.4. Thank you.

angerninta
