Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
0
Helpful
2
Replies

Allowing VPN users to change LDAP password before account expiration

paultribe
Beginner
Beginner

‎08-14-2009 06:28 AM

I have configured an ASA to authenticate remote access & SSL VPN to a Microsoft LDAP server using LDAPS. I have configured the LDAP server to enforce the user to change the password at next logon, however I want to enforce additional security to make the user change the password before the account expires on the Windows DC. The problem I have is that even though I set user account on the DC to expire and enforce "interactive logon; prompt user to change password before expiration", the user is never prompted when attempting to login via VPN within the days left to expiration. Can anyone help.

Labels:
0 Helpful
2 Replies 2

Todd Pula
Rising star
Rising star

‎08-17-2009 06:26 AM

Have you configured the "password-management password-expire-in-days X" command under the tunnel group in question?

0 Helpful

paultribe
Beginner
Beginner
In response to Todd Pula

‎08-27-2009 02:49 AM

Apologies for the delay in my reply. In answer to your question, yes this was configured. I do now have a working solution except for one thing, the password hostory function does not work when enabled on the domain controller, users can change back to a password they have used previously. I am going to start a new thread regarding this issue, however if you know an answer then please let me know.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents