AD passwords renewal issue

Unanswered Question
Apr 7th, 2008
User Badges:

Hi all,

We are using Active Directory(Win2003 Server SP1), WLC+LAP1130, ACS4.1, WZC(WinXP with EAP-PEAP).

The problem is that users are not able to authentication after changing passowrds to AD's 90 days passwords change policy.

We are using machine authentication to allow passwords change after 90days expiration.

These user should be rechange passwords by wired.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Atkin Mon, 04/07/2008 - 01:41
User Badges:
  • Silver, 250 points or more

The two most common causes for this are;

Ensure Machine Authentication is actually working. IE, before the user logs in, the WLC should show you the "host/......" username associated with the machine account, and the "Policy Manager State" says "Run".

Second, make sure your RADIUS Server is configured to allow password changes inside PEAP using MSCHAPv2; this is off by default on ACS and IAS.



yong1794 Mon, 04/07/2008 - 03:24
User Badges:

Thanks, your reply.

The machine authentication is ok and "password changes inside PEAP using MSCHAPv2" is already configured.

This issue happen to violated user who did not change password in 90day. the other users are can change passwords and auth working well.


This Discussion



Trending Topics - Security & Network