I have an ASA 5510 configured with WebVPN and authentication against an MS ADS server (Windows 2003). Authentication is working perfectly, but password-management doesn't work correctly.
If the user's password expires in 14 days, he gets a password-change dialog. He can click Cancel and gets a "Login failed", although the password isn't expired. If he enters a new password, he always gets an error saying the password doesn't match the password policy. This also happens if I disable the password policy in ADS completely.
Here is a bit of debugging info:
 Session Start
 New request Session, context 0xd7d24220, reqType = Modify Password
 Fiber started
 Creating LDAP context with uri=ldaps://msads:636
 Connect to LDAP server: ldaps://msads:636, status = Successful
 supportedLDAPVersion: value = 3
 supportedLDAPVersion: value = 2
 Binding as asa
 Performing Simple authentication for asalookup to msads
 LDAP Search:
     Base DN = [ou=Mitarbeiter,dc=rp]
     Filter = [sAMAccountName=testuser]
     Scope = [SUBTREE]
 User DN = [CN=testuser,OU=Mitarbeiter,DC=rp]
 Talking to Active Directory server msads
 Reading password policy for testuser, dn:CN=testuser,OU=Mitarbeiter,DC=rp
 Read bad password count 0
 Fiber exit Tx=809 bytes Rx=10792 bytes, status=-1
 Session End
I also tried giving the user administrator permissions, but that doesn't help.
Any further ideas?