Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
3
Helpful
1
Replies

Password Expiry Concentrator 3060 -> Active Directory

markus.jahnke
Level 1
Level 1

‎10-09-2007 01:13 AM - edited ‎03-09-2019 06:59 PM

Hi there,

I'm currently implementing AD authentication to our VPN gateways.

I'd prefer to have a direct communication between the concentrator and the domain controller, which is possible when Kerberos is being used.

On the other hand, we'll need the possibility to change expired AD passwords, which could be done using "Radius with Expiry".

For some reasons I can't activate IAS on the AD servers and I can't find a protocol that allows the users to alter and expired password and uses direct AD communication.

Do you have any suggestions, ideas?

Cheers,

Markus

Labels:
0 Helpful
1 Reply 1

Danilo Dy
VIP Alumni
VIP Alumni

‎10-09-2007 08:30 AM

Hi,

Once the user password already expire, there's no way for them to change it by themselves except the AD admin.

However, you can use the following tools that I use;

1. User to change AD password

- Check IISADMPWD from MS KB

2. Notify user by email when password is expiring

- Check RPTPASWDCHANGE http://www.windowsitpro.com/Article/ArticleID/46819/46819.html and http://www.windowsitpro.com/articles/download/rptpaswdchange.zip

Regards,

Dandy

Customers Also Viewed These Support Documents