Password Expiration Issue - AnyConnect/ASA5505

jickfoo
Level 1

When a user's password is going to expire in up to 14 days, they get a warning and are asked if they would like to change their password now or skip it. If they skip it, they get put into the default Group Policy, which messes up their connectivity. Here is what it looks like in the logs:

AAA user authentication Rejected : reason = Password is expiring

DAP: User jhick, Addr xx.xxx.xx.xxx, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy

If I shut off the password expiration features, the login processes normally. Any idea why this happens or how to fix it?
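
The two log lines quoted in the post above can be correlated to list which logins ended up on the default policy right after a "Password is expiring" rejection. This is an added example, not part of the original post: the function name, the adjacency window and the sample log are constructed, and the patterns assume the message text shown above.

```python
import re

# Patterns follow the two log lines quoted in the post. Real syslog lines carry
# extra prefix/suffix fields, so search() is used rather than a full match.
REJECT_RE = re.compile(
    r"AAA user authentication Rejected\s*:\s*reason = Password is expiring")
DAP_RE = re.compile(
    r"DAP: User (?P<user>[^,]+), Addr (?P<addr>[^,]+), Connection (?P<conn>[^:]+): "
    r"The following DAP records were selected for this connection: (?P<records>.+)$")

def find_expiry_fallbacks(lines, window=5, fallback="DfltAccessPolicy"):
    """Return DAP selections of only `fallback` that follow, within `window`
    lines, an AAA rejection whose reason is 'Password is expiring'.
    Assumption: the rejection and the DAP line of one login are adjacent."""
    hits = []
    pending = None  # index of the most recent unmatched expiry rejection
    for i, line in enumerate(lines):
        if REJECT_RE.search(line):
            pending = i
            continue
        m = DAP_RE.search(line)
        if not m:
            continue
        only_fallback = m.group("records").strip() == fallback
        if pending is not None and i - pending <= window and only_fallback:
            hits.append({"user": m.group("user"), "addr": m.group("addr"),
                         "reject_line": pending + 1, "dap_line": i + 1})
        pending = None  # a DAP line closes the login attempt either way
    return hits

# Constructed sample log: documentation-range addresses, made-up policy "Staff".
SAMPLE = """\
AAA user authentication Successful : user = alice
DAP: User alice, Addr 192.0.2.10, Connection AnyConnect: The following DAP records were selected for this connection: Staff
AAA user authentication Rejected : reason = Password is expiring
DAP: User jhick, Addr 192.0.2.44, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy
AAA user authentication Successful : user = bob
DAP: User bob, Addr 192.0.2.77, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy
""".splitlines()

if __name__ == "__main__":
    for hit in find_expiry_fallbacks(SAMPLE):
        print(hit)
```

A default-policy selection with no preceding expiry rejection (the last sample login) is deliberately not reported, so the output isolates the behaviour described in the post.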

1 Reply

owillins
Level 6

If the AAA server authenticates the user, the FWSM displays the User Accepted text, if specified, to the user; otherwise it displays the User Rejected text, if specified. If the rejection is because of invalid credentials (such as an incorrect username) or because the password expired, the Invalid Credentials or Expired Password text shows, instead of the User Rejected text.