Have a weird question about NAC 802.1x framework deployment.
Client(with CTA)---ACS SE (ver 4.0)---MS AD(ACS remote agent)
The NAC deployment is fine, until we have a problem with Password policy set at AD. AD require user change password every month, CTA able to prompt for change password but it just processing until timeout and users can't login to network. Users need to restart few times until the prompt from MS asking change password only it work.
Have configure allow all authentication include MSCHAP ver 1 and 2. Follow ACS documentation about user group configuration enable user change password....etc
Second question is about disable user account at AD, it look like need to restart 2 times only the disable account take effect.
Anyone have experince this before? Any workaround?