ACS 3.3 and Windows Password Expiry

Unanswered Question
Jun 27th, 2008

Hi

We have a private DSL-based Home worker WAN solution. The users connect via wireless to their router and use PEAP to authenticate to central ACS 3.3 radius server.

The problem we have is that, because the laptop is not on the network until they have successfully authenticated, they log on to the laptop using cached credentials and don't actually authenticate with the domain. Consequently, the users are not notified when their password is about to expire.

When their password has expired, they are prompted to change it during the wireless logon process, but this doesn't work. Subsequently, they have to travel to their local office to log on to the domain and change their password.

The local routers are Netgear set for WPA-802.1x, the laptops are set for PEAP (EAP-MSCHAP v2), the Radius is ACS 3.3 authenticating to AD.

Any ideas will be gratefully received.

Thanks

Jagdeep Gambhir Fri, 06/27/2008 - 05:48

Requirements for implementing the PEAP Windows password aging mechanism include:

The AAA client must support EAP.

Users must be in a Windows user database.

Users must be using a Microsoft PEAP client, such as Windows XP.

You must enable PEAP and MSCHAPv2 on the Authentication Configuration page within the System Configuration section.

You must enable PEAP password changes on the Windows Authentication Configuration page.

Regards,

JG

Do rate helpful posts

nigelb Fri, 06/27/2008 - 07:28

Thanks JG

So in my scenario, the AAA client is the Netgear router?

Regards

Nigel

Jagdeep Gambhir Fri, 06/27/2008 - 08:17

Nigel,

No aaa clients are wireless users. On the Netgear router, make sure MSCHAPv2 is enabled (if that option is there).

Regards,

~JG

pornthip_k Sun, 06/29/2008 - 18:56

I think you should set machine authentication, too.

This may help you. :)

nigelb Mon, 06/30/2008 - 00:16

Thanks for all your help, I'll let you know the outcome...
