Hi all.
ASA5520, 8.4(4)1.
Some users have a problem with Clientless WebVPN connections. MS LDAP is used for authentication:
aaa-server LDAP_NAME (Iface) host LDAP_IP
 server-port 636
 ldap-base-dn OU=Office,DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn x_AccessFromAsa
 ldap-over-ssl enable
 server-type microsoft
When the 'User must change password at next logon' option is enabled in the AD user account options, the user can't change the password on the first WebVPN connection.
There is a 'Cannot complete password change because the password does not meet the password policy requirements' error, although the user types a new, very complex password. The ASA log contains the message 'AAA user authentication Rejected : reason = Password malformed'.
But another user with the same AD parameters (Object, Member of) can log in successfully and can change the password successfully using the same new, very complex password that the first user typed.
Is this a bug or something else?
Thank you for any advice.