Change active directory password

Answered Question
Jan 16th, 2008
User Badges:

Hi everyone,


I have a question that I hope you will answer for me. I'm running an ASA (8.0.2) and using the local Active Directory to authenticate the users while connecting with the VPN-Client and the Web SSL. So far so good, but is there any chances for the users to change the Active Directory password either from the VPN-Client or the Web SSL?


Kind regards

Per

Correct Answer by acomiskey about 9 years 5 months ago

This is the command you are looking for.


password-management


http://cisco.com/en/US/docs/security/asa/asa71/command/reference/p_711.html#wp1643267


Once enabled on the firewall all you have to do is make sure you are allowing mschap v2 in your remote access policy on IAS server.


When the user connects to the vpn and their password has expired, it will prompt them to change their password.


hostname(config)# tunnel-group group-name general-attributes

hostname(config-tunnel-general)# password-management


There is also a checkbox in the remote access policy in IAS to "allow user to change password after it expires"...check it.


See this post also...


http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Virtual%20Private%20Networks&topic=Network%20Management&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbf3144



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
acomiskey Wed, 01/16/2008 - 06:13
User Badges:
  • Green, 3000 points or more

This is the command you are looking for.


password-management


http://cisco.com/en/US/docs/security/asa/asa71/command/reference/p_711.html#wp1643267


Once enabled on the firewall all you have to do is make sure you are allowing mschap v2 in your remote access policy on IAS server.


When the user connects to the vpn and their password has expired, it will prompt them to change their password.


hostname(config)# tunnel-group group-name general-attributes

hostname(config-tunnel-general)# password-management


There is also a checkbox in the remote access policy in IAS to "allow user to change password after it expires"...check it.


See this post also...


http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Virtual%20Private%20Networks&topic=Network%20Management&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbf3144



Actions

This Discussion