Solved: Password expiration prompt VPN via RADIUS

0rsnaric · ‎09-16-2008

We have an ASA 5510 running 7.2(4) and have VPN setup using Cisco secure client. Authentication is done through RADIUS running on a windows 2003 server (IAS).

Our problem is, users aren't being notified that their password is about to expire, and once it does they can no longer authenticate.

I have tried setting "Enable Notification Upon Password Expiration" and "Enable Notification Prior to Expiration", but this is not doing anything.

Please help. This is going to be a huge issue soon, as we just did password expiration policy for SAS70 compliance and passwords are about to start expiring enmasse. Almost all of our users are road warriors.

~rick

Jagdeep Gambhir · ‎09-16-2008

Rick,

For this to work for clients connecting to an ASA, we'll need to make sure of a few things :

1. That the tunnel-group these clients are connecting to has the following command configured:

password-management

2. The VPN client version 5.0.00 is affected by a bug which fails to prompt the user for

the new password. If you're running this version, I'll suggest an upgrade or downgrade.

Regards,

~JG

Do rate helpful posts

View solution in original post

Jagdeep Gambhir · ‎09-16-2008