Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 3.3 and Windows Password Expiry

Hi

We have a private DSL-based Home worker WAN solution. The users connect via wireless to their router and use PEAP to authenticate to central ACS 3.3 radius server.

The problem we have is that, because the laptop is not on the network until they have successfully authenticated, they logon to the laptop using cached credentials and don't actually authentiacte with the domain. Consequently, the users are not notified when their password is about to expire.

When their password has expired, they are prompted to change it during the wireless logon process, but this doesn't work. Subsequently, they have to travel to their local office to logon to the domain and hange their password.

The local routers are Netgear set for WPA-802.1x, the laptops are set for PEAP (EAP-MSCHAP v2), the Radius is ACS 3.3 authenticating to AD.

Any ideas will be gratefully received.

Thanks

5 REPLIES

Re: ACS 3.3 and Windows Password Expiry

Requirements for implementing the PEAP Windows password aging mechanism include:

The AAA client must support EAP.

Users must be in a Windows user database.

Users must be using a Microsoft PEAP client, such as Windows XP.

You must enable PEAP a n d mschapv 2 Authentication Configuration page within the System Configuration section.

You must enable PEAP password changes on the Windows Authentication Configuration page

Regards,

JG

Do rate helpful posts

New Member

Re: ACS 3.3 and Windows Password Expiry

Thanks JG

So in my scenario, the AAA client is the Netgear router?

Regards

Nigel

Re: ACS 3.3 and Windows Password Expiry

Nigel,

No aaa clients are wireless users. On netgear router make sure mschapv2 is enabled (if that options is there)

Regards,

~JG

New Member

Re: ACS 3.3 and Windows Password Expiry

I think you should set machine authentication, too.

This may help you. :)

New Member

Re: ACS 3.3 and Windows Password Expiry

Thanks for all your help, I'll let you know the outcome...

162
Views
5
Helpful
5
Replies
CreatePlease login to create content