Anyconnect LDAP authentication

eagles-nest
Level 1

Hi

I'm messing around with some LDAP authentication for Anyconnect and have a couple of questions if anyone can help.

First, this may be an AD/LDAP thing, but when I connect via Anyconnect with my AD credentials it works. All good. I disable my account in AD and it fails as expected and I get a debug saying this. However, I changed my password in AD and when I connected in Anyconnect I accidentally entered the previous password and it still connected. To be sure I then disconnected and reconnected with my new password and it still connected. A bit of playing around seems to confirm that I can connect with the existing and last password, though I've not waited any significant length of time to see if that changes.

Is this an LDAP issue and is it expected?

A second thing I was trying was, if I tick the "user must change password at next login" box in the AD account, does this allow me to change it via Anyconnect? It doesn't. My connection fails. What I am trying to simulate here is a user coming back from holiday whose AD password has expired. Can I get them to be prompted to change it via the Anyconnect process? Or can I get them connected and then prompted, much as you would on a wired connection, to change their AD password? Maybe via an SBL process?

Many thanks for any input.

J.
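An added example, not part of the thread: when an LDAP bind to Active Directory fails, AD returns the same LDAP result (invalidCredentials) for a disabled account, an expired password and a "must change password at next logon" flag, and the actual reason is only visible in the "data NNN" field of the diagnostic message. The script below parses that diagnostic and tells apart the two cases the poster tried (disabled account, must-change-password); the diagnostic strings are constructed samples in AD's documented format, and the data codes are AD's standard bind diagnostic codes.

```python
import re

# AD bind failures carry the real reason in the diagnostic message's
# hex "data NNN" field. These are AD's documented codes.
AD_BIND_DATA_CODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (wrong password)",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted at this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password at next logon",
    0x775: "account locked out",
}

# Conditions the user could clear by changing the password (what a VPN
# gateway's LDAP password-management feature would prompt for); the rest
# need an administrator.
USER_REMEDIABLE = {0x532, 0x773}

_DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")


def classify_bind_failure(diagnostic: str) -> dict:
    """Parse an AD bind diagnostic message, e.g.
    '80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 773, v3839'
    and return the data code, its meaning and whether the user can fix it alone."""
    m = _DATA_RE.search(diagnostic)
    if not m:
        return {"code": None, "reason": "unrecognised diagnostic", "user_remediable": False}
    code = int(m.group(1), 16)  # the data field is hexadecimal
    return {
        "code": code,
        "reason": AD_BIND_DATA_CODES.get(code, "unknown data code 0x%x" % code),
        "user_remediable": code in USER_REMEDIABLE,
    }


# Constructed sample diagnostics mirroring the poster's two experiments.
SAMPLES = {
    "disabled": "80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 533, v3839",
    "must_change": "80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 773, v3839",
}

if __name__ == "__main__":
    for name, diag in SAMPLES.items():
        print(name, classify_bind_failure(diag))
```

Only a gateway with LDAP password management enabled turns the user-remediable codes into a change-password prompt; a plain LDAP bind just fails.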


Jeff Van Houten
Level 5

The AnyConnect screens won't support the password change feature.
