Cisco VPN, NT authentication, and password expiration
I currently have users that access our Exchange servers via Cisco VPN client to my VPN 3030. Authentication is NT domain, and works great for most of us. The problem is my NT admin setup 250 more users, and set password expiration on next login. I was testing and found that the temporary login worked, I authenticated, and then I was re-challenged for another password. I know this to be the "your password have expired, please choose a new one" script. Problem is I cannot change the password via VPN client at all. So what do you do if your users will NEVER login physically into your LAN? Our Security Policy mandates a 30-day expiration.....
Re: Cisco VPN, NT authentication, and password expiration
One solution could be to setup an Windows web-server with SSL. Then create a 128-bit secure webpage where users could change their password.
For secure reasons you could let the server NOT be a member of the domain that the users are in and create an account in the domain for the webserver which just have the rights to change passwords and nothing else.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...