
ldap password expiry

edvel1014
Level 1

Hi,

We have an ASA5520 configured with SSL VPN and Windows AD LDAP authentication. Users can authenticate if their password has not expired. How can I configure it in such a way that the users are prompted to change their password when they connect through SSL?

Thanks,

Ed

1 Reply

Danilo Dy
VIP Alumni

Hi Ed,

I haven't figured that out yet, but I have an alternative. I use this freely available utility to inform the user by email when their password is expiring in 9-5-3 days.

1. Script to notify users

http://www.windowsitpro.com/Article/ArticleID/46819/46819.html

http://www.windowsitpro.com/articles/download/rptpaswdchange.zip

2. Set up IISADMPWD on the AD server where the users can change their passwords after successful login. Search IISADMPWD in MS Knowledgebase. Please make a copy of the IISADMPWD directory out of Windows System directory to maybe drive D.

ITEM 1 running in Task Scheduler daily should send an email to the users telling them that their password is expiring 9-5-3 days later. To change, they have to successfully login first to access ITEM 2 using HTTPS (please).

You can be creative and create a nice email template for ITEM 1. Maybe use yourcompany-valet@yourcompnay.com sender email address pointing them to the URL in ITEM 2. ITEM 2 URL web page should be edited, you may put a note on password policy.

Regards,

Dandy
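The selection step behind ITEM 1 in the reply above, as an added example; it is not part of the original post and is not the linked utility's code. It assumes the `pwdLastSet`, `userAccountControl` and `mail` attributes have already been read from AD over LDAP, that a single domain-wide maximum password age applies (42 days is an assumed policy value), and all sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

# AD stores pwdLastSet as 100-ns ticks since 1601-01-01 UTC (Windows FILETIME).
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
UF_ACCOUNTDISABLE = 0x2            # userAccountControl: account disabled
UF_DONT_EXPIRE_PASSWD = 0x10000    # userAccountControl: password never expires
NOTIFY_DAYS = (9, 5, 3)            # reminder thresholds from the post

def filetime_to_dt(ticks):
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def dt_to_filetime(dt):
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def days_until_expiry(user, max_pwd_age_days, now):
    """Whole days until expiry, or None when there is nothing to count down."""
    if user["userAccountControl"] & (UF_DONT_EXPIRE_PASSWD | UF_ACCOUNTDISABLE):
        return None
    if user["pwdLastSet"] == 0:    # "must change at next logon" is already set
        return None
    expires = filetime_to_dt(user["pwdLastSet"]) + timedelta(days=max_pwd_age_days)
    return (expires.date() - now.date()).days

def users_to_notify(users, max_pwd_age_days, now):
    """Map mail address -> days left, for users exactly on a threshold today."""
    due = {}
    for user in users:
        left = days_until_expiry(user, max_pwd_age_days, now)
        if left in NOTIFY_DAYS and user.get("mail"):
            due[user["mail"]] = left
    return due

# Constructed sample data (not real accounts); 0x200 = normal user account.
NOW = datetime(2024, 3, 20, 6, 0, tzinfo=timezone.utc)
def _set_days_ago(n):
    return dt_to_filetime(NOW - timedelta(days=n))

SAMPLE_USERS = [
    {"mail": "alice@example.com", "pwdLastSet": _set_days_ago(33), "userAccountControl": 0x200},
    {"mail": "bob@example.com", "pwdLastSet": _set_days_ago(38), "userAccountControl": 0x200},
    {"mail": "carol@example.com", "pwdLastSet": _set_days_ago(39), "userAccountControl": 0x10200},
    {"mail": "dave@example.com", "pwdLastSet": 0, "userAccountControl": 0x200},
    {"mail": "erin@example.com", "pwdLastSet": _set_days_ago(37), "userAccountControl": 0x200},
    {"mail": "frank@example.com", "pwdLastSet": _set_days_ago(39), "userAccountControl": 0x202},
]

if __name__ == "__main__":
    for mail, left in users_to_notify(SAMPLE_USERS, 42, NOW).items():
        print(f"{mail}: password expires in {left} days")
```

Matching exact thresholds only works if the job runs every day, as the reply says; a missed run skips that day's reminders.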