I'm setting up VPN authentication using ACS 5.1 and ASA 8.0.5. User connects using Cisco VPN client, and is authenticated to Internal users db on ACS. Everything works, except that if "Change password on next login" is checked for a user, the login will fail. The Radius log on ACS says user need to change password. However it didn't prompt for the password change. I know there must be a simple option either in VPN client profile or ini file, or on ASA tunnel group definition. However I tried several options, still couldn't make it work. Does anyone know?
Thanks,
Tao
