cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
894
Views
0
Helpful
3
Replies
Highlighted
Beginner

password-management anyconnect -> ASA -> ACS5.3 -> MS AD

Hello,

Does anybody know, if the notification that the pw will expire in xx days works in the scenario named in the headline?

Anyconnect SSL-VPN (ver 3.1.xxx) terminating on ASA 5510, v 8.4.4, authentication: Radius to ACS 5.3 (over MSChapV2), IdentityStore: MS ActiveDirectory.

the Password-Change (if the pw is set to "change at next Logon") is working, even if there is a Bug, too (on the ac-client).

In the tunnel-group password-manegement is enabled and notify is set to the default of 14 days.

does the ACS interrupt the notification? I can't see any message in ACS Log or in "debug aaa common 255" or "debug radius" on ASA

Do you need any config or debug-output?

Thanks

Everyone's tags (4)
3 REPLIES 3
Advocate

password-management anyconnect -> ASA -> ACS5.3 -> MS AD

Karl,

You are referring to the tacacs password expiration notification. This not the message that is used with radius for internal users. Once the user's p/w expires it will prompt the user to change their password.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*
Beginner

password-management anyconnect -> ASA -> ACS5.3 -> MS AD

So, is this feature "password-management" only relevant for TACACS ?

Advocate

password-management anyconnect -> ASA -> ACS5.3 -> MS AD

No,

The "password change notification message" in ACS is only used for tacacs password expiration. You can still use the password change feature on the ASA and the ACS.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*