Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How do you get around NT/2000 password expire when using radius?

How can users authenticating through a radius server change there NT password if it has expired on the NT/2000 database?

Cisco Employee

Re: How do you get around NT/2000 password expire when using rad

It depends on what the authenticating from, and what type of Radius server you're talking about. The trouble with password expiry is that it requires MsCHAPv2 support to be able to change it, not many Radius servers or NAS's support that.

If they're connecting to a VPN3000 concentrator and authenticating to an ACS NT Radius server, then with the new versions of code you can do it. The user will get prompted to change their password when they connect in. If they're connecting to a PIX or router, then they currently don't support any password expiry feature, nor does ACS Unix.

This has been a big problem for a number of users, but unfortauntely at the moment there's not many ways around it.

CreatePlease to create content