Password expiration prompt VPN via RADIUS

Answered Question
Sep 16th, 2008

We have an ASA 5510 running 7.2(4) and have VPN set up using Cisco secure client. Authentication is done through RADIUS running on a Windows 2003 server (IAS).

Our problem is, users aren't being notified that their password is about to expire, and once it does they can no longer authenticate.

I have tried setting "Enable Notification Upon Password Expiration" and "Enable Notification Prior to Expiration", but this is not doing anything.

Please help. This is going to be a huge issue soon, as we just did password expiration policy for SAS70 compliance and passwords are about to start expiring en masse. Almost all of our users are road warriors.

~rick

Correct Answer
Jagdeep Gambhir Tue, 09/16/2008 - 13:09

Rick,

For this to work for clients connecting to an ASA, we'll need to make sure of a few things:

1. That the tunnel-group these clients are connecting to has the following command configured:

password-management

2. The VPN client version 5.0.00 is affected by a bug which fails to prompt the user for the new password. If you're running this version, I'll suggest an upgrade or downgrade.

Regards,

~JG

Do rate helpful posts
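
One way to check item 1 of the answer above across every tunnel-group, as an added example that is not part of the original thread or any Cisco tooling: the Python below scans a saved ASA running-config and lists remote-access tunnel-groups whose general-attributes block lacks password-management. The sample config and its group, pool and server names are constructed for illustration.

```python
import re

# Constructed sample running-config; group, pool and server names are made up.
SAMPLE_CONFIG = """\
tunnel-group ROADWARRIOR type ipsec-ra
tunnel-group ROADWARRIOR general-attributes
 address-pool VPNPOOL
 authentication-server-group IAS-RADIUS
 password-management
tunnel-group ROADWARRIOR ipsec-attributes
 pre-shared-key *
tunnel-group CONTRACTORS type ipsec-ra
tunnel-group CONTRACTORS general-attributes
 authentication-server-group IAS-RADIUS
tunnel-group SITE2SITE type ipsec-l2l
tunnel-group SITE2SITE ipsec-attributes
 pre-shared-key *
"""

# Remote-access type keyword: "ipsec-ra" on 7.x, "remote-access" on later releases.
REMOTE_ACCESS_TYPES = {"ipsec-ra", "remote-access"}
HEADER = re.compile(r"^tunnel-group (\S+) (type (\S+)|general-attributes)\s*$")

def audit_password_management(config):
    """Return sorted remote-access tunnel-groups lacking password-management."""
    types = {}       # group name -> declared type
    enabled = set()  # groups with password-management under general-attributes
    current = None   # group whose general-attributes block we are inside
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line ends the sub-block
            current = None
            m = HEADER.match(line)
            if m and m.group(3):
                types[m.group(1)] = m.group(3)
            elif m:
                current = m.group(1)
        elif current and line.split()[:1] == ["password-management"]:
            enabled.add(current)
    return sorted(g for g, t in types.items()
                  if t in REMOTE_ACCESS_TYPES and g not in enabled)

if __name__ == "__main__":
    for group in audit_password_management(SAMPLE_CONFIG):
        print(f"{group}: remote-access tunnel-group without password-management")
```

A group flagged here will not prompt for a new password regardless of the client version, so it is worth ruling out before chasing the client bug in item 2.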

0rsnaric Thu, 09/18/2008 - 09:04

Thanks JG, it was indeed 5.0.00. Tried it with 5.0.03 and worked fine.

~r
