09-03-2013 07:53 AM - edited 02-21-2020 07:07 PM
We are using Apple devices for connection to the ASA for remote access. The authentication is LDAP; everything but password changes on expiration is working. What step am I missing? We have another set of firewalls for other remote access users authenticating against LDAP and the users are able to change their password. We are using MS AD with LDAP over SSL; below is the system version and a version of the config:
System image file is "disk0:/asa912-smp-k8.bin"
!
aaa-server LDAP_SRV_GRP (inside) host XX.XX.XX.XX
 server-port 636
 ldap-base-dn DC=<domain>,DC=<suffix>
 ldap-group-base-dn CN=<name>,OU=<group>,DC=<domain>,DC=<suffix>
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password <password>
 ldap-login-dn CN=<user>,OU=<where located>,DC=<domain>,DC=<suffix>
 ldap-over-ssl enable
 server-type microsoft
!
tunnel-group <tunnel-name> general-attributes
 address-pool DHCP_Pool-<eligible IP Addresses>
 authentication-server-group LDAP_SRV_GRP
 default-group-policy <tunnel-name>
 password-management
09-03-2013 02:48 PM
Hi Adrian,
Please try this and let me know if it helps:
tunnel-group
password-management password-expire-in-days X
(x is the number of days here)
Thanks
Jeet Kumar
09-03-2013 05:25 PM
Hi Jeet,
I entered the above command to expire in 7 days and it did not work, then changed it to 0 days and it did not work. In AD I have the account set to change the password upon login; have I missed the window here for this one? Our typical password expiration is 60 days, so the only way I could think to actively test was to set it to be changed upon login.
~ Adrian
09-03-2013 05:29 PM
Hi Adrian,
I will do a quick test today and will let you know.
Thanks
Jeet Kumar
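Added example, not part of the thread and not Cisco's code: a small offline check that reads an ASA configuration and, for every tunnel-group with password-management, verifies that the LDAP server group it authenticates against has ldap-over-ssl enabled and a supported server-type. The function names are hypothetical, and the two prerequisites are an assumption taken from Cisco's documentation of password management for LDAP rather than from the posts above.

```python
import re
# Constructed sample: the relevant lines of the configuration posted above, placeholders kept.
SAMPLE = """\
aaa-server LDAP_SRV_GRP (inside) host XX.XX.XX.XX
ldap-over-ssl enable
server-type microsoft
tunnel-group <tunnel-name> general-attributes
authentication-server-group LDAP_SRV_GRP
password-management
"""
HEADER = re.compile(r"(aaa-server|tunnel-group) (\S+) (?:(?:\(\S+\) )?host \S|general-attributes)")

def parse_blocks(config):
    """Map (kind, name) -> sub-commands; accepts indented or flattened config text."""
    lines = config.splitlines()
    indented = any(l.startswith(" ") for l in lines)
    blocks, current = {}, None
    for raw in lines:
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = blocks.setdefault((m.group(1), m.group(2)), [])
        elif not line or line == "!" or (indented and not raw.startswith(" ")):
            current = None  # end of the current block
        elif current is not None:
            current.append(line)
    return blocks

def check_password_management(config):
    """Return {tunnel-group: [problems]} for groups that enable password-management."""
    blocks, report = parse_blocks(config), {}
    for (kind, name), cmds in blocks.items():
        if kind != "tunnel-group" or not any(c.startswith("password-management") for c in cmds):
            continue
        problems = report.setdefault(name, [])
        groups = [t for c in cmds if c.startswith("authentication-server-group ")
                  for t in c.split()[1:] if t != "LOCAL" and not t.startswith("(")]
        for grp in groups:
            server = blocks.get(("aaa-server", grp))
            if server is None:
                problems.append(f"{grp}: no aaa-server host block found")
                continue
            # Assumption (Cisco docs, not the thread): needs LDAP over SSL and an AD or Sun directory.
            if "ldap-over-ssl enable" not in server:
                problems.append(f"{grp}: ldap-over-ssl is not enabled")
            stype = next((s.split()[1] for s in server if s.startswith("server-type ")), "auto-detect")
            if stype not in ("microsoft", "sun", "auto-detect"):
                problems.append(f"{grp}: server-type {stype} is not microsoft or sun")
    return report
```

The configuration posted in the first message passes both checks, so this only rules out those two settings on the ASA side.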