Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Cisco VPN, NT authentication, and password expiration

I currently have users that access our Exchange servers via Cisco VPN client to my VPN 3030. Authentication is NT domain, and works great for most of us. The problem is my NT admin setup 250 more users, and set password expiration on next login. I was testing and found that the temporary login worked, I authenticated, and then I was re-challenged for another password. I know this to be the "your password have expired, please choose a new one" script. Problem is I cannot change the password via VPN client at all. So what do you do if your users will NEVER login physically into your LAN? Our Security Policy mandates a 30-day expiration.....

Suggestions??

1 REPLY
Community Member

Re: Cisco VPN, NT authentication, and password expiration

Hi e?

One solution could be to setup an Windows web-server with SSL. Then create a 128-bit secure webpage where users could change their password.

For secure reasons you could let the server NOT be a member of the domain that the users are in and create an account in the domain for the webserver which just have the rights to change passwords and nothing else.

Regards,

Bjarne Saltbaek

IT Solution Provider

Kraks Forlag AS - www.krak.dk

268
Views
0
Helpful
1
Replies
CreatePlease to create content