Password expiration notification

ksarin123_2
Level 1

Hello folks -

We have a large number of people who are using the Cisco VPN client to connect to the corporate network. VPN authentication is being done using a Cisco ACS Server. Protocol being used is TACACS+.

The issue we are running into is that when the Active Directory password expires, users are unable to VPN in.

Is there a way where password notification expiration can be configured using the VPN Client? Under the tunnel group on the ASA, there is a password-management command, but from the reading I have done, it sounds like that command cannot be used with AD.

Any help would be appreciated!!

2 Replies

andrew.prince
Level 10

To answer your question - no. The Cisco VPN client does not support this.

I had the same issue in a previous company - the solutions were:-

1) The employees came into the office once in a while.

2) The AD system sent out reminders

3) They rang a help desk to re-set the password - who could decide if they would change the password, especially if the user DID receive the notification of the password expiry reminder and ignored it :o)

After a few times, the users soon got the idea not to ignore the emails.

HTH

If you have an ASA and were using RADIUS, you can use the radius-with-expiry under the tunnel-group's ipsec-attributes. This is under the assumption that you have your accounts configured with RADIUS. I can't tell you if it runs with TACACS+ though.

HTH, John *** Please rate all useful posts ***