ASA VPN and AD password expiration without VPN client

Unanswered Question
Feb 20th, 2009

Hello,

The setup is: VPN on ASA using MS IAS (MS-CHAP v2 with the 'user can change password...' option and MPPE 128-bit as encryption). The 'password management' option is set up on the ASA. Everything is working fine when we are using the VPN client (users can change their PIN/password after it expires), but the problem is with the clientless connection. It works fine, but when the password expires users are prompted to change the password, but the password is not changed and the user cannot connect.

Q1: is it possible to change expired password using clientless connection?

Q2: if so, what could be wrong?

Thanks for help,

Andy

rickbennett Wed, 02/25/2009 - 10:19

Sorry for "piggybacking" on your post, but I have been trying to get this working for a few weeks now. I tried using LDAP to my AD server. The problem with that is that it requires secure LDAP, which I am not ready to venture down that road until I get a better understanding of what implications it will have on my server. To that end, if anyone has managed to get password changes working through an SSL VPN client, I would also appreciate any information on it. Thanks.
