Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

windows password aging with 802.1x

Is there any work-around for ACS to support windows password aging/expiring ? We are using ACS 3.3 applicance and find out user is being lockout when change password in the next log-on box is checked in Microsoft AD. We do see the box prompting for changing the password but it does not seem to work as the change password window keeps prompting.

Searching the forum and find out this can not be done.

Best Regards

Raymond Lo

1 REPLY
Silver

Re: windows password aging with 802.1x

Hi

Depends, if you are using PEAPv0 - this is Microsofts version of PEAP with MSCHAP inside. I would have thought this should support mschap password change.

PEAPv1 is basically clear text inside SSL and I know this doesnt support password change.

EAP-FAST probably doesnt allow password change either.

So PEAPv0 with MSFT supplicant is your best bet.

Darran

161
Views
0
Helpful
1
Replies
CreatePlease login to create content