New Member

Change active directory password

Hi everyone,

I have a question that I hope you will answer for me. I'm running an ASA (8.0.2) and using the local Active Directory to authenticate the users while connecting with the VPN-Client and the Web SSL. So far so good, but is there any chance for the users to change the Active Directory password either from the VPN-Client or the Web SSL?

Kind regards

Per

1 ACCEPTED SOLUTION

Green

Re: Change active directory password

This is the command you are looking for.

password-management

http://cisco.com/en/US/docs/security/asa/asa71/command/reference/p_711.html#wp1643267

Once enabled on the firewall, all you have to do is make sure you are allowing MS-CHAP v2 in your remote access policy on the IAS server.

When the user connects to the VPN and their password has expired, it will prompt them to change their password.

hostname(config)# tunnel-group group-name general-attributes

hostname(config-tunnel-general)# password-management

There is also a checkbox in the remote access policy in IAS to "allow user to change password after it expires"...check it.

See this post also...

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Virtual%20Private%20Networks&topic=Network%20Management&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbf3144
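
The configuration described in the answer above, shown with the AAA server binding it depends on. This is an added example, not part of the original post or Cisco's documentation; the names IAS-RADIUS and RA-VPN, the interface name inside, the address 192.0.2.10 and the key are placeholders.

```cisco
! Constructed example: IAS-RADIUS, RA-VPN, inside, 192.0.2.10 and the key
! are placeholders, not values from the original thread.
!
! RADIUS server group pointing at the IAS server
aaa-server IAS-RADIUS protocol radius
aaa-server IAS-RADIUS (inside) host 192.0.2.10
 key <shared-secret>
!
! Bind the remote-access tunnel group to that server group and enable
! password management, so the ASA uses MS-CHAPv2 towards RADIUS and can
! relay an expired-password response as a change-password prompt.
tunnel-group RA-VPN general-attributes
 authentication-server-group IAS-RADIUS
 password-management
!
! If the server group uses LDAP to Active Directory instead of RADIUS,
! password changes also require LDAP over SSL on the aaa-server host:
!  ldap-over-ssl enable
```

After applying, `show running-config tunnel-group RA-VPN` should list `password-management` under the general attributes.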

New Member

Re: Change active directory password

Hi,

Thanks a lot!

Kind regards

Per
