Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1145
Views
0
Helpful
3
Replies

Unable to login when change password option is enabled

Anand Narayana
Level 6
Level 6

‎12-02-2011 10:17 AM - edited ‎03-10-2019 06:36 PM

Hi,

  I have configured remote vpn on my Cisco ASA and users connecting to this will use Cisco VPN dialer and gets authenticated with the Windows 2008 domain controller credentials. Now the problem I face is, when i set the option for user-A as "user must change the password during next login" it doesn't accept , it accepts only when I uncheck only then the user-A will be able to login.

Any ideas what option or configuration do I to do so that it can popoup for changing the password?

FYI I use windows 7 profession edition with Cisco VPN dialer client ver. 5.0.04.0300. I am unable to find "windows logon properties" under the "options" menu.

Labels:
0 Helpful
3 Replies 3

Sam Hertica
Cisco Employee
Cisco Employee

‎12-13-2011 03:15 PM

are you using straight PAP for authentication? It's a long shot, but i've seen stuff like this before. It all boiled down to the PAP protocol...at its core the response can either be "yes" or "no". Not "yes", "no", or "yes but user must change his password". Since the ACS has to choose yes or no, it goes with no.

The workaround before was to use something other than pap, or configure ascii-authentication (it was on a nexus, so the command was aaa authentication login ascii-authentication).

0 Helpful

Anand Narayana
Level 6
Level 6
In response to Sam Hertica

‎12-13-2011 03:25 PM

Hi,

  I managed to get the password change option pop-up when "Change password during next login" set for for the user-A in windows 2008 Active Directory. But now the issue is, I enter the old password, it accepts & then its pops up to enter me the new password twice, when I enter the new password with some special charecters it stills pops me up to enter the new password with special charecters. After 2-3 attempts it disconnects. It will allow me to connect only when I un-check the "change password during next login"

Any ideas?

0 Helpful

Sam Hertica
Cisco Employee
Cisco Employee
In response to Anand Narayana

‎12-13-2011 04:00 PM

My mistake! I misread ASA as ACS...I didn't realize your radius server was the microsoft IAS server. I'm not entirely sure anymore...

sorry for any false hopes!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents