We are attempting to use our ASA to allow our Remote Users to Change their Domain passwords when they attempt to VPN into our Network.
Here are the specs for our enviornment:
Cisco ASA 5505 Version 7.2(2)
VPN Software : 4.8.00.0440
Windows 2003 SP2 Domain Controller: IAS(Radius)
I know there are countless organizations and individuals out there facing the same issue: AAA Services for Remote users.
I have come across several posts and documentation that highlights the pros and cons of using RADIUS and LDAP for AAA services. But I am still having a hard time seeing which is better.
Currently we are using RADIUS to authenticate our users, BUT now we want Remote Users to have Password Managment capabilities, i.e get notified or Password Expiration and the have the ability to Change that Password before it expires.
Is there a single or combination of methods which allows remote users to do this? Also, can this method provide all the AAA services as well? I would appriciate any help. Thank you all in advance.