ACS 3.3 and Windows Password Expiry

Unanswered Question
Jun 27th, 2008
User Badges:


We have a private DSL-based Home worker WAN solution. The users connect via wireless to their router and use PEAP to authenticate to central ACS 3.3 radius server.

The problem we have is that, because the laptop is not on the network until they have successfully authenticated, they logon to the laptop using cached credentials and don't actually authentiacte with the domain. Consequently, the users are not notified when their password is about to expire.

When their password has expired, they are prompted to change it during the wireless logon process, but this doesn't work. Subsequently, they have to travel to their local office to logon to the domain and hange their password.

The local routers are Netgear set for WPA-802.1x, the laptops are set for PEAP (EAP-MSCHAP v2), the Radius is ACS 3.3 authenticating to AD.

Any ideas will be gratefully received.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Jagdeep Gambhir Fri, 06/27/2008 - 05:48
User Badges:
  • Red, 2250 points or more

Requirements for implementing the PEAP Windows password aging mechanism include:

The AAA client must support EAP.

Users must be in a Windows user database.

Users must be using a Microsoft PEAP client, such as Windows XP.

You must enable PEAP a n d mschapv 2 Authentication Configuration page within the System Configuration section.

You must enable PEAP password changes on the Windows Authentication Configuration page



Do rate helpful posts

nigelb Fri, 06/27/2008 - 07:28
User Badges:

Thanks JG

So in my scenario, the AAA client is the Netgear router?



Jagdeep Gambhir Fri, 06/27/2008 - 08:17
User Badges:
  • Red, 2250 points or more


No aaa clients are wireless users. On netgear router make sure mschapv2 is enabled (if that options is there)



pornthip_k Sun, 06/29/2008 - 18:56
User Badges:

I think you should set machine authentication, too.

This may help you. :)

nigelb Mon, 06/30/2008 - 00:16
User Badges:

Thanks for all your help, I'll let you know the outcome...


This Discussion