08-14-2009 06:28 AM
I have configured an ASA to authenticate remote access & SSL VPN to a Microsoft LDAP server using LDAPS. I have configured the LDAP server to enforce the user to change the password at next logon; however, I want to enforce additional security to make the user change the password before the account expires on the Windows DC. The problem I have is that even though I set the user account on the DC to expire and enforce "Interactive logon: Prompt user to change password before expiration", the user is never prompted when attempting to log in via VPN within the days left to expiration. Can anyone help?
08-17-2009 06:26 AM
Have you configured the "password-management password-expire-in-days X" command under the tunnel group in question?
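For reference, this is the shape of the ASA configuration the command above belongs to. It is an added illustration, not configuration posted in this thread; the server group name, tunnel-group name, host address, DNs and the 14-day value are placeholders.

```cisco
! LDAP server group pointing at the Windows DC over LDAPS (placeholder names/addresses)
aaa-server LDAP_SRV protocol ldap
aaa-server LDAP_SRV (inside) host 10.0.0.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=svc-asa,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <service-account-password>
 ! "microsoft" lets the ASA interpret AD's password-expiry attributes,
 ! which the expire-in-days warning depends on
 server-type microsoft
 ! password changes against AD require LDAP over SSL (port 636)
 ldap-over-ssl enable
 server-port 636
!
! Remote-access tunnel group: the expiry warning is configured here,
! under general-attributes, not on the DC
tunnel-group RA_VPN type remote-access
tunnel-group RA_VPN general-attributes
 authentication-server-group LDAP_SRV
 password-management password-expire-in-days 14
```

To confirm the ASA can bind and authenticate before testing a VPN login, run `test aaa-server authentication LDAP_SRV host 10.0.0.10 username <user> password <password>` from privileged EXEC mode.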
08-27-2009 02:49 AM
Apologies for the delay in my reply. In answer to your question, yes, this was configured. I do now have a working solution except for one thing: the password history function does not work when enabled on the domain controller; users can change back to a password they have used previously. I am going to start a new thread regarding this issue; however, if you know an answer then please let me know.