Password Expiration Issue - AnyConnect/ASA5505

Unanswered Question
Jul 8th, 2009

When a users password is going to expire in up to 14 days, they get a warning and are asked if they would like to change their password now or skip it. If they skip it, they get put into the default Group Policy which messes up their connectivity. Here is what it looks like in the logs:

AAA user authentication Rejected : reason = Password is expiring

DAP: User jhick, Addr xx.xxx.xx.xxx, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy

If I shut off the password expiration features, the login processes normally. Any idea why this happens or how to fix it?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
owillins Tue, 07/14/2009 - 09:16

If the AAA server authenticates the user, the FWSM displays the User Accepted text, if specified, to the user; otherwise it displays the User Rejected text, if specified. If the rejection is because of invalid credentials (such as an incorrect username) or because the password expired, the Invalid Credentials or Expired Password text shows, instead of the User Rejected text.

Actions

This Discussion