Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
483
Views
5
Helpful
4
Replies

NAC 802.1x Framework - Users can't change password using ACS

chenyokechuan
Level 1
Level 1

‎10-07-2007 06:55 PM - edited ‎03-10-2019 03:25 PM

Hi All,

Have a weird question about NAC 802.1x framework deployment.

Environment :

Client(with CTA)---ACS SE (ver 4.0)---MS AD(ACS remote agent)

The NAC deployment is fine, until we have a problem with Password policy set at AD. AD require user change password every month, CTA able to prompt for change password but it just processing until timeout and users can't login to network. Users need to restart few times until the prompt from MS asking change password only it work.

Have configure allow all authentication include MSCHAP ver 1 and 2. Follow ACS documentation about user group configuration enable user change password....etc

Second question is about disable user account at AD, it look like need to restart 2 times only the disable account take effect.

Anyone have experince this before? Any workaround?

Thanks

YokeChuan

Labels:
0 Helpful
4 Replies 4

scandan
Level 1
Level 1

‎10-10-2007 12:56 AM

Dear Yoke,

EAP-GTC is second phase of PEAP with MSCHAPvs authentication process and ACS 4.0 has a bug (CSCsc00788) about it. The bug is fixed with 4.1 so you should upgrade the version of ACS.

Kind Regards,

Serhat

chenyokechuan
Level 1
Level 1
In response to scandan

‎10-10-2007 02:11 AM

Hi Serhat,

Thanks a lot for help in this matter, will check with TAC Engineer.

For second issue, about AD user account disable. It need to restart pc twice before it will take effect, are this also a bug? i seen other user have post this question before, it look like no workaround at the moment.

Thanks

YokeChuan

0 Helpful

scandan
Level 1
Level 1
In response to chenyokechuan

‎10-10-2007 05:55 AM

Dear Yoke,

I dont know exactly that i might be related with a bug. Could you check the release notes for ACS 4.0. http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/release/notes/RNwin401.html#wp37535

Known problems contains all the bug information related to the version.

Also TAC engineer will inform you if you have already opened a case.

Kind regards,

Serhat

0 Helpful

chenyokechuan
Level 1
Level 1
In response to scandan

‎10-10-2007 07:50 AM

Hi Serhat,

Thanks a lot, will clarify with TAC engineer.

Appreciate your valuable response.

Thanks

YokeChuan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents