cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
579
Views
0
Helpful
2
Replies

AD passwords renewal issue

yong1794
Level 1
Level 1

Hi all,

We are using Active Directory(Win2003 Server SP1), WLC+LAP1130, ACS4.1, WZC(WinXP with EAP-PEAP).

The problem is that users are not able to authentication after changing passowrds to AD's 90 days passwords change policy.

We are using machine authentication to allow passwords change after 90days expiration.

These user should be rechange passwords by wired.

2 Replies 2

Richard Atkin
Level 4
Level 4

The two most common causes for this are;

Ensure Machine Authentication is actually working. IE, before the user logs in, the WLC should show you the "host/......" username associated with the machine account, and the "Policy Manager State" says "Run".

Second, make sure your RADIUS Server is configured to allow password changes inside PEAP using MSCHAPv2; this is off by default on ACS and IAS.

HTH,

Richard

Thanks, your reply.

The machine authentication is ok and "password changes inside PEAP using MSCHAPv2" is already configured.

This issue happen to violated user who did not change password in 90day. the other users are can change passwords and auth working well.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: