cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
500
Views
5
Helpful
3
Replies

ASA for Remote Access on Apple Devices

a-whitehurst
Level 1
Level 1

We are using Apple devices for connction to the ASA for remote access.  The authentication is LDAP, everything but password changes on expiration is working.  What step am i missing?  We have another set of firewalls for other remote access users authenticating against LDAP and the users are able to change their password.  We are using MS AD with LDAP over SSL, below is hte system version and the a version of the config:

System image file is "disk0:/asa912-smp-k8.bin"

!

aaa-server LDAP_SRV_GRP (inside) host XX.XX.XX.XX

server-port 636

ldap-base-dn DC=<domain>,DC=<suffix>

ldap-group-base-dn CN=<name>,OU=<group>,DC=<domain>,DC=<suffix>

ldap-scope subtree

ldap-naming-attribute sAMAccountName

ldap-login-password <password>

ldap-login-dn CN=<user>,OU=<where located>,DC=<domain>,DC=<suffix>

ldap-over-ssl enable

server-type microsoft

!

tunnel-group <tunnel-name> general-attributes

address-pool DHCP_Pool-<eligible IP Addresses>

authentication-server-group LDAP_SRV_GRP

default-group-policy <tunnel-name>

password-management

3 Replies 3

Jeet Kumar
Cisco Employee
Cisco Employee

Hi Adrian,

Please try this and let me know if it helps:

tunnel-group general-attributes

password-management password-expire-in-days  X

(x is the number of days here)

Thanks

Jeet Kumar

Hi Jeet,

I entered the above command to expire in 7 days and it did not work, then changed it to 0 days and it did not work.  in AD i have the account set to change the password upon login, have I missed the window here for this one?  Our typical password expiration is 60 days so the only way i could think to actively test was to set it to be changed upon login

~ Adrian

Hi Adrian,

I will do a quick test today and will let you know.

Thanks

Jeet Kumar