AD passwords renewal issue

Unanswered Question
Apr 7th, 2008

Hi all,

We are using Active Directory (Win2003 Server SP1), WLC + LAP1130, ACS 4.1, WZC (WinXP with EAP-PEAP).

The problem is that users are not able to authenticate after changing passwords per AD's 90-day password change policy.

We are using machine authentication to allow password changes after the 90-day expiration.

These users should re-change their passwords over wired.

Richard Atkin Mon, 04/07/2008 - 01:41

The two most common causes for this are:

Ensure Machine Authentication is actually working. I.e., before the user logs in, the WLC should show you the "host/......" username associated with the machine account, and the "Policy Manager State" says "Run".

Second, make sure your RADIUS server is configured to allow password changes inside PEAP using MSCHAPv2; this is off by default on ACS and IAS.



yong1794 Mon, 04/07/2008 - 03:24

Thanks for your reply.

The machine authentication is OK and "password changes inside PEAP using MSCHAPv2" is already configured.

This issue happens to violating users who did not change their password within 90 days. The other users can change passwords, and auth is working well.

