Password expiration prompt VPN via RADIUS

Answered Question
Sep 16th, 2008

We have an ASA 5510 running 7.2(4) and have VPN set up using Cisco secure client. Authentication is done through RADIUS running on a Windows 2003 server (IAS).


Our problem is, users aren't being notified that their password is about to expire, and once it does they can no longer authenticate.


I have tried setting "Enable Notification Upon Password Expiration" and "Enable Notification Prior to Expiration", but this is not doing anything.


Please help. This is going to be a huge issue soon, as we just did password expiration policy for SAS70 compliance and passwords are about to start expiring en masse. Almost all of our users are road warriors.


~rick

Correct Answer
Jagdeep Gambhir Tue, 09/16/2008 - 13:09

Rick,

For this to work for clients connecting to an ASA, we'll need to make sure of a few things:

1. That the tunnel-group these clients are connecting to has the following command configured:

password-management

2. The VPN client version 5.0.00 is affected by a bug which fails to prompt the user for the new password. If you're running this version, I'll suggest an upgrade or downgrade.



Regards,

~JG


Do rate helpful posts
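
An added example, not part of the original thread and not Cisco tooling: one way to check point 1 across a saved configuration is to list the tunnel-groups whose general-attributes block has no password-management line. The sample config, its group and server names, and the function name are constructed for illustration, and the script assumes the usual running-config layout in which sub-commands are indented under their tunnel-group header.

```python
import re

# Constructed sample in the style of `show running-config tunnel-group`
# (group, pool and server names are made up for this example).
SAMPLE_CONFIG = """\
tunnel-group ROADWARRIORS type ipsec-ra
tunnel-group ROADWARRIORS general-attributes
 address-pool VPNPOOL
 authentication-server-group IAS-RADIUS
 password-management
tunnel-group CONTRACTORS type ipsec-ra
tunnel-group CONTRACTORS general-attributes
 address-pool VPNPOOL
 authentication-server-group IAS-RADIUS
tunnel-group CONTRACTORS ipsec-attributes
 pre-shared-key *
tunnel-group LEGACY type ipsec-ra
"""

# Matches block headers such as "tunnel-group NAME general-attributes".
HEADER = re.compile(r"^tunnel-group (\S+) (\S+)")


def groups_missing_password_management(config_text):
    """Return sorted names of tunnel-groups whose general-attributes
    section has no `password-management` line (or no such section)."""
    seen = set()      # every tunnel-group named in the config
    enabled = set()   # groups with password-management configured
    current = None    # (name, section) of the block being read
    for line in config_text.splitlines():
        m = HEADER.match(line)
        if m:
            seen.add(m.group(1))
            current = (m.group(1), m.group(2))
        elif line.startswith(" ") and current:
            # Indented lines are sub-commands of the current block.
            # A "no password-management" line starts with "no" and is skipped.
            words = line.split()
            if current[1] == "general-attributes" and words[:1] == ["password-management"]:
                enabled.add(current[0])
        else:
            current = None  # left the tunnel-group block
    return sorted(seen - enabled)


if __name__ == "__main__":
    for name in groups_missing_password_management(SAMPLE_CONFIG):
        print(f"{name}: password-management not configured")
```
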

0rsnaric Thu, 09/18/2008 - 09:04

Thanks JG, it was indeed 5.0.00. Tried it with 5.0.03 and worked fine.



~r
