12-02-2011 10:17 AM - edited 03-10-2019 06:36 PM
Hi,
I have configured remote vpn on my Cisco ASA and users connecting to this will use Cisco VPN dialer and gets authenticated with the Windows 2008 domain controller credentials. Now the problem I face is, when i set the option for user-A as "user must change the password during next login" it doesn't accept , it accepts only when I uncheck only then the user-A will be able to login.
Any ideas what option or configuration do I to do so that it can popoup for changing the password?
FYI I use windows 7 profession edition with Cisco VPN dialer client ver. 5.0.04.0300. I am unable to find "windows logon properties" under the "options" menu.
12-13-2011 03:15 PM
are you using straight PAP for authentication? It's a long shot, but i've seen stuff like this before. It all boiled down to the PAP protocol...at its core the response can either be "yes" or "no". Not "yes", "no", or "yes but user must change his password". Since the ACS has to choose yes or no, it goes with no.
The workaround before was to use something other than pap, or configure ascii-authentication (it was on a nexus, so the command was aaa authentication login ascii-authentication).
12-13-2011 03:25 PM
Hi,
I managed to get the password change option pop-up when "Change password during next login" set for for the user-A in windows 2008 Active Directory. But now the issue is, I enter the old password, it accepts & then its pops up to enter me the new password twice, when I enter the new password with some special charecters it stills pops me up to enter the new password with special charecters. After 2-3 attempts it disconnects. It will allow me to connect only when I un-check the "change password during next login"
Any ideas?
12-13-2011 04:00 PM
My mistake! I misread ASA as ACS...I didn't realize your radius server was the microsoft IAS server. I'm not entirely sure anymore...
sorry for any false hopes!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: