I have configured an ASA to authenticate remote access & SSL VPN to a Microsoft LDAP server using LDAPS. I have configured the LDAP server to force the user to change the password at next logon; however, I want to enforce additional security to make the user change the password before the account expires on the Windows DC. The problem I have is that even though I set the user account on the DC to expire and enforce "interactive logon; prompt user to change password before expiration", the user is never prompted when attempting to log in via VPN within the days left to expiration. Can anyone help?