04-07-2008 01:08 AM - edited 07-03-2021 03:39 PM
Hi all,
We are using Active Directory(Win2003 Server SP1), WLC+LAP1130, ACS4.1, WZC(WinXP with EAP-PEAP).
The problem is that users are not able to authentication after changing passowrds to AD's 90 days passwords change policy.
We are using machine authentication to allow passwords change after 90days expiration.
These user should be rechange passwords by wired.
04-07-2008 01:41 AM
The two most common causes for this are;
Ensure Machine Authentication is actually working. IE, before the user logs in, the WLC should show you the "host/......" username associated with the machine account, and the "Policy Manager State" says "Run".
Second, make sure your RADIUS Server is configured to allow password changes inside PEAP using MSCHAPv2; this is off by default on ACS and IAS.
HTH,
Richard
04-07-2008 03:24 AM
Thanks, your reply.
The machine authentication is ok and "password changes inside PEAP using MSCHAPv2" is already configured.
This issue happen to violated user who did not change password in 90day. the other users are can change passwords and auth working well.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide