anyconnect with Gina 4.10 Documentation on AD password exp. over vpn

TRNnHelp
Level 1

Looking for some current documentation on how to allow password change over VPN after the password has expired. Everything I find is old. We are on AnyConnect 4.10 with GINA.

Accepted Solutions

@TRNnHelp configure the password-management command. The ASA notifies the remote user at login that the user’s current password is about to expire or has expired. The ASA then offers the user the opportunity to change the password. If the current password has not yet expired, the user can still log in using that password.

This command is configured under the tunnel-group.

Refer to this guide for more information: https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/I-R/asa-command-ref-I-R/pa-pn-commands.html#wp2035813333

3 Replies

I'm trying to allow our Active Directory users to change their Active Directory passwords after they expire across the VPN. This article doesn't appear to address that.

From the link provided...

"When you configure the password-management command, the ASA notifies the remote user at login that the user’s current password is about to expire or has expired. The ASA then offers the user the opportunity to change the password. If the current password has not yet expired, the user can still log in using that password."

"This command is valid for AAA servers that support such notification; that is, natively to LDAP servers and RADIUS proxied to an NT 4.0 or Active Directory server."
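As an added illustration (not from the thread or from Cisco's guide), this is a minimal ASA configuration that places password-management under a tunnel group authenticating natively against Active Directory over LDAP, the first case named in the quoted text. The server-group name, tunnel-group name, interface, address, DNs and the 14-day warning window are constructed placeholders; LDAP over SSL is enabled because Active Directory accepts password changes only over an encrypted LDAP connection.

```cisco
! Added example with constructed names and addresses; adjust to your environment.
! AAA server group that talks LDAP directly to an Active Directory domain controller.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 ! LDAPS: required for AD to accept a password change from the ASA
 ldap-over-ssl enable
 server-port 636
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ! Bind account (placeholder DN); it needs rights to read user objects
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-password>
!
! Tunnel group used by the AnyConnect connection profile.
tunnel-group VPN-USERS general-attributes
 authentication-server-group AD-LDAP
 ! Prompt for a change on expiry, and warn starting 14 days before expiry
 password-management password-expire-in-days 14
```

With RADIUS proxied to Active Directory, the other case in the quoted text, the same password-management line applies and the tunnel group's authentication-server-group points at the RADIUS server group instead.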