I've read a few posts about this on the forum and it seems like very few people are able to resolve the issues they are having.
I have a working remote access VPN and I'm trying to add the password-expiry functionality. I've set a test user in AD to "change password at next logon", and when I log on using this user in the VPN client (5.0.07.0410) I am prompted with a box to type my new password twice. This is never written back to the server, and the original authentication box pops up again. The password change box has the codes E=648, R=0, V=3, as in the attached image.
Does anyone have this working with RADIUS and AD? A Windows password change would normally request the old password to reauthenticate and then the new password twice.
Are you using RADIUS to authenticate the VPN session, or are you using LDAP pointing to AD for authentication? This will work with RADIUS since you can use MS-CHAPv2; however, I want to be sure how you have your ASA set up first.
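For reference, the E=648 R=0 V=3 string in the prompt is the MS-CHAPv2 Failure packet format from RFC 2759, where error 648 is ERROR_PASSWD_EXPIRED, so the RADIUS server is already speaking MS-CHAPv2 and signalling that a change is required. The configuration below is an added illustration of the RADIUS-with-MS-CHAPv2 path the reply refers to; it is not from the original thread or from Cisco. The server-group name RADIUS-AD, tunnel-group name RA-VPN, interface name inside, host 10.0.0.5 and the shared secret are placeholders.

```text
! Added example with hypothetical names and addresses, not configuration from the original post.
! RADIUS server group pointing at the AD-joined RADIUS (NPS/IAS) server.
aaa-server RADIUS-AD protocol radius
aaa-server RADIUS-AD (inside) host 10.0.0.5
 key <shared-secret>
 ! NPS listens on the standard ports; the ASA defaults are 1645/1646.
 authentication-port 1812
 accounting-port 1813
 ! Enabled by default; keep it on so the ASA authenticates with MS-CHAPv2,
 ! which is what carries the change-password exchange.
 mschapv2-capable
!
! Remote-access tunnel group that authenticates against that server group.
tunnel-group RA-VPN general-attributes
 authentication-server-group RADIUS-AD
 ! Turns on the expired/must-change password prompt for this tunnel group.
 password-management
```

On the server side the NPS network policy that matches these requests must allow MS-CHAPv2 under Constraints > Authentication Methods with "User can change password after it has expired" ticked; if that box is clear, the client still shows the new-password prompt but the change is rejected and the login prompt returns, which matches the behaviour described in the question. If the ASA is using an LDAP server group against AD instead, this RADIUS configuration does not apply.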