Hello team, I have users that are using VPN Remote Access. To authenticate, they use the usernames and passwords of their Windows domain accounts. To do this I am using an ASA with the asa707-k8.bin image and an ACS 4.1(1) Build 23 Patch (this ACS is integrated with Active Directory).
The problem is that when a user does not use the VPN for a long time, the account (Windows domain user) expires. They cannot get access any more because of this, and they are not able to renew the credentials (because the credentials belong to Active Directory).
So I wonder if there is a way to permit users to renew their credentials via VPN when they expire. Are there some tasks to integrate the password change request when they are connected via VPN?
When you enable password-management on the ASA, it basically converts the RADIUS requests to MS-CHAP v2 instead of PAP so that AD can pass down expiry information. All the ASA does is send an authentication request to the RADIUS server. It's up to the RADIUS server to notify the ASA that the password is expired and act as the go-between for the ASA and AD.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...