05-20-2012 11:49 PM - edited 02-21-2020 06:04 PM
Hi Guys,
I need help regarding this problem. I have a Cisco ASA5510 firewall that has SSL Web VPN functionality and is utilizing an AD server as the authentication server for users. However, we have a policy to change passwords at a certain point in time. Users in the office have no problem. They just log in to their PC and change their password. Users outside of the office are a pain when their password is expired. Is it possible for them to change their AD password through the VPN using Cisco AnyConnect? If yes, can you show me how?
Regards,
JOHN
05-21-2012 04:22 AM
Yes, you can configure the "password-management" command.
Here is the command for your reference:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/p.html#wp1879916
Hope that helps.
05-21-2012 05:55 AM
If your AD is acting as an LDAP server and listening on port TCP 636, then this is what you need to configure:
http://www.jjohnstonit.com/wp/2011/12/cisco-asa-vpn-ldap-password-management.
However, if AD is acting as a RADIUS server (like MS IAS or NPS), then you just need to issue "password-management" under the respective tunnel-group on the ASA.
The only difference between the two setups is that with LDAP, the end user will get a warning before the password expires, and with RADIUS the user will be prompted to change the password on the very last day.
Let us know if you have any doubt.
Regards,
Jatin
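
The LDAP-over-SSL setup described in the reply above, sketched as ASA configuration. This is an added example, not part of the original posts: the server-group name, host address, DNs, tunnel-group name and the 14-day warning period are constructed placeholders.

```cisco
! Added example. All names, addresses and DNs are constructed placeholders.
!
! AD reached as an LDAP server over SSL (TCP 636). The ASA only supports
! AD password changes over LDAP when the session is encrypted.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 server-port 636
 ldap-over-ssl enable
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-account-password>
!
! Enable password management on the tunnel-group the VPN users land on.
! password-expire-in-days applies to LDAP only and sets how many days
! before expiry the user starts seeing the warning.
tunnel-group VPN-USERS general-attributes
 authentication-server-group AD-LDAP
 password-management password-expire-in-days 14
!
! RADIUS variant (IAS/NPS): point authentication-server-group at the RADIUS
! server group and use the bare command, with no warning period:
!  password-management
```

The bind account in `ldap-login-dn` needs enough rights in AD to change user passwords, so treat it as a privileged service account and keep its scope as narrow as the directory allows.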