WebVPN change password problem when 'User must change password at next logon' is enabled

kirill1980
Level 1

Hi all.

ASA5520, 8.4(4)1.

Some users have a problem with Clientless WebVPN Connections. MS LDAP for authentication is used.

aaa-server LDAP_NAME (Iface) host LDAP_IP
 server-port 636
 ldap-base-dn OU=Office,DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn x_AccessFromAsa
 ldap-over-ssl enable
 server-type microsoft

When the 'User must change password at next logon' option is enabled in the AD user account options, the user can't change the password during the first WebVPN connection.

The user gets the error 'Cannot complete password change because the password does not meet the password policy requirements' although they type a very complex new password. The ASA log contains the message 'AAA user authentication Rejected : reason = Password malformed'.

But another user with the same AD parameters (Object, Member of) can log in successfully and can change the password successfully using the same very complex new password that the first user typed.

Is this a bug or something else?

Thank you for any advice.
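As an added example (not part of the original post), the snippet below shows how an operator could spot users stuck in the password-change loop described above by parsing the ASA syslog. It assumes the rejection is reported as message 113005 in the layout 'AAA user authentication Rejected : reason = ... : server = ... : user = ... : user IP = ...' (verify against your own ASA output); the log lines are constructed for the example and are not from the poster's ASA.

```python
import re
from collections import Counter, defaultdict

# Assumed %ASA-6-113005 layout (check it against your own syslog output):
#   AAA user authentication Rejected : reason = <reason> : server = <ip> : user = <name> : user IP = <ip>
REJECT_RE = re.compile(
    r"%ASA-\d-113005: AAA user authentication Rejected : reason = (?P<reason>.+?)"
    r" : server = (?P<server>\S+) : user = (?P<user>\S+) : user IP = (?P<src>\S+)"
)

# Constructed sample lines for the example; not real logs from the post.
SAMPLE_LOG = """\
Jan 10 09:01:02 asa %ASA-6-113005: AAA user authentication Rejected : reason = Password malformed : server = 10.0.0.5 : user = jdoe : user IP = 203.0.113.10
Jan 10 09:01:40 asa %ASA-6-113005: AAA user authentication Rejected : reason = Password malformed : server = 10.0.0.5 : user = jdoe : user IP = 203.0.113.10
Jan 10 09:02:11 asa %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = asmith : user IP = 198.51.100.7
Jan 10 09:03:00 asa %ASA-6-113005: AAA user authentication Rejected : reason = Password malformed : server = 10.0.0.5 : user = jdoe : user IP = 203.0.113.10
Jan 10 09:03:30 asa %ASA-6-113004: AAA user authentication Successful : server = 10.0.0.5 : user = bwong
"""


def parse_rejections(text):
    """Return one dict (reason, server, user, src) per 113005 rejection line."""
    events = []
    for line in text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def malformed_password_users(events, threshold=2):
    """Users with at least `threshold` 'Password malformed' rejections.

    Repeated hits from one user point at a failed password change (for
    instance the 'must change password at next logon' case) rather than a
    simple mistyped password, which the ASA reports with a different reason.
    """
    counts = Counter(e["user"] for e in events if e["reason"] == "Password malformed")
    return {user: n for user, n in counts.items() if n >= threshold}


def reasons_by_user(events):
    """Per-user breakdown of rejection reasons, useful for the comparison
    between the failing user and a working user with the same AD settings."""
    out = defaultdict(Counter)
    for e in events:
        out[e["user"]][e["reason"]] += 1
    return {user: dict(c) for user, c in out.items()}


if __name__ == "__main__":
    evts = parse_rejections(SAMPLE_LOG)
    print("stuck users:", malformed_password_users(evts))
    print("reasons:", reasons_by_user(evts))
```

Feed the real syslog stream (or a `show logging` capture) in place of SAMPLE_LOG; the two functions separate the 'Password malformed' case from ordinary wrong-password rejections so the two users in the post can be compared side by side.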
