10-24-2007 01:09 AM - edited 03-09-2019 07:04 PM
Hi,
We have an ASA5520 configured with SSL VPN and Windows AD LDAP authentication. Users can authenticate if their password has not expired. How can I configure it in such a way that the users are prompted to change their password when they connect through SSL?
Thanks,
Ed
10-24-2007 06:52 AM
Hi Ed,
I haven't figured that out yet, but I have an alternative. I use this freely available utility to inform the user by email when their password is expiring in 9-5-3 days.
1. Script to notify users
http://www.windowsitpro.com/Article/ArticleID/46819/46819.html
http://www.windowsitpro.com/articles/download/rptpaswdchange.zip
2. Set up IISADMPWD on the AD server where the users can change their passwords after successful login. Search for IISADMPWD in the MS Knowledge Base. Please make a copy of the IISADMPWD directory out of the Windows System directory to maybe drive D.
ITEM 1, running in Task Scheduler daily, should send an email to the users telling them that their password is expiring 9-5-3 days later. To change it, they have to successfully log in first to access ITEM 2 using HTTPS (please).
You can be creative and create a nice email template for ITEM 1. Maybe use a yourcompany-valet@yourcompany.com sender email address pointing them to the URL in ITEM 2. The ITEM 2 URL web page should be edited; you may put a note on password policy.
Regards,
Dandy
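The selection step of a daily reminder job like ITEM 1 in the reply above, as an added example (not code from the thread or from the linked script). It works on raw AD LDAP attribute values and assumes the domain-wide `maxPwdAge` applies to every user (no fine-grained password policy); the sample users, dates and 42-day policy are constructed.

```python
from datetime import datetime, timedelta, timezone

# AD timestamps are 100-ns ticks since 1601-01-01 UTC (Windows FILETIME).
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UAC_ACCOUNTDISABLE = 0x0002
UAC_DONT_EXPIRE_PASSWORD = 0x10000
NOTIFY_DAYS = (9, 5, 3)  # reminder schedule from the post

def filetime_to_dt(ticks):
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def dt_to_filetime(dt):
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def days_until_expiry(user, max_pwd_age, now):
    """Whole days until expiry, or None when no reminder applies."""
    uac, last_set = int(user["userAccountControl"]), int(user["pwdLastSet"])
    if uac & (UAC_ACCOUNTDISABLE | UAC_DONT_EXPIRE_PASSWORD):
        return None
    if last_set == 0:  # "must change at next logon": already expired
        return None
    if max_pwd_age in (0, -(2 ** 63)):  # domain policy: no expiry by age
        return None
    # maxPwdAge is a negative interval in 100-ns ticks.
    expires = filetime_to_dt(last_set) + timedelta(microseconds=-max_pwd_age // 10)
    return (expires - now).days

def users_to_notify(users, max_pwd_age, now):
    """Return (account, mail, days_left) for users due a reminder today."""
    due = []
    for u in users:
        left = days_until_expiry(u, max_pwd_age, now)
        if left in NOTIFY_DAYS and u.get("mail"):
            due.append((u["sAMAccountName"], u["mail"], left))
    return due

# Constructed sample data (not from the thread): 42-day maximum password age.
NOW = datetime(2007, 10, 24, 6, 0, tzinfo=timezone.utc)
MAX_PWD_AGE = -42 * 86400 * 10_000_000

def _user(name, days_ago, uac=512):
    last_set = 0 if days_ago is None else dt_to_filetime(NOW - timedelta(days=days_ago))
    return {"sAMAccountName": name, "mail": name + "@example.com",
            "userAccountControl": str(uac), "pwdLastSet": str(last_set)}

SAMPLE_USERS = [_user("alice", 37), _user("bob", 20), _user("carol", 33),
                _user("svc-backup", 39, uac=66048), _user("dave", None),
                _user("erin", 39, uac=514)]

if __name__ == "__main__":
    for account, mail, left in users_to_notify(SAMPLE_USERS, MAX_PWD_AGE, NOW):
        print(f"{account} <{mail}>: password expires in {left} days")
```

Disabled accounts, accounts flagged "password never expires", and accounts with `pwdLastSet` of 0 are skipped, so service accounts and users already forced to change at next logon do not receive reminders.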