Radius Password Expiry with IAS

Unanswered Question
Jul 27th, 2007

I've seen discussions related to this topic, but nothing addressing the errors I am seeing.

I used this link as a start:


I first saw errors on the domain controller showing a requirement for MSCHAPv2, so I added that to the IAS server. The error that is stoping me now is:

Policy-Name = Legacy User Access to Cisco VPN

Authentication-Type = MS-CHAPv2

EAP-Type = <undetermined>

Reason-Code = 72

Reason = The user cannot change his or her password because the change password option is not enabled for the matching remote access policy.

This error is generated in on the IAS server in the SYSTEM log. Looking at the IAS policy, I do not see any options specific to allowing password change.

I've begun a search at Technet, but any ideas would be greatly appreciated...


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
a-vazquez Thu, 08/02/2007 - 10:37

Define the VPN 3000 Concentrator as a client. Note: Microsoft is chosen as the Client-Vendor to get support for the Microsoft Vendor-Specific Attributes (VSA) required by the RADIUS with Expiry feature


This Discussion