Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
0
Helpful
1
Replies

How do you get around NT/2000 password expire when using radius?

ddisalvo
Level 1
Level 1

‎06-24-2002 09:06 AM - edited ‎02-20-2020 09:17 PM

How can users authenticating through a radius server change there NT password if it has expired on the NT/2000 database?

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎06-24-2002 08:22 PM

It depends on what the authenticating from, and what type of Radius server you're talking about. The trouble with password expiry is that it requires MsCHAPv2 support to be able to change it, not many Radius servers or NAS's support that.

If they're connecting to a VPN3000 concentrator and authenticating to an ACS NT Radius server, then with the new versions of code you can do it. The user will get prompted to change their password when they connect in. If they're connecting to a PIX or router, then they currently don't support any password expiry feature, nor does ACS Unix.

This has been a big problem for a number of users, but unfortauntely at the moment there's not many ways around it.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents