cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
834
Views
0
Helpful
0
Replies
kirill1980
Beginner

WebVPN change password problem when 'User must change password at next logon' is enabled

Hi all.

ASA5520, 8.4(4)1.

Some users have a problem with Clientless WebVPN Connections. MS LDAP for authentication is used.

aaa-server LDAP_NAME (Iface) host LDAP_IP

server-port 636

ldap-base-dn OU=Office,DC=example,DC=com

ldap-scope subtree

ldap-naming-attribute sAMAccountName

ldap-login-password *****

ldap-login-dn x_AccessFromAsa

ldap-over-ssl enable

server-type microsoft

When in AD user account options 'User must change password at next logon' option is enabled user can't change password while first WebVPN-connecting.

There is 'Cannot complete password change because the password does not meet the password policy requirements' issue although user types a new very complex password. In ASA log message 'AAA user authentication Rejected : reason = Password malformed' exist.

But other user with the same AD parameters (Object, Member of) can login successfully and can change password

successfully using the same new very complex password as a first user type.

Is there bug or other?

Thank you for any advice.

0 REPLIES 0
Create
Recognize Your Peers
Content for Community-Ad