Keeping the cached and domain account passwords in sync using VPN in a
I'm running into issues keeping the PC's cached password and the password on the domain controller synchronized. In between mandatory password changes there is no issue. But when a user's password has expired and they use the change password process supplied by the 3005 VPN concentrator (RADIUS with Expiry), the domain and PC passwords become out of sync. The domain is updated correctly and is looking for the new password, but the PC did not update and is looking for the old password. At that point you're in a catch-22 scenario because if you use the new password it won't match what the PC remembers (it's looking for the old password) and your logon is refused. Using the old password, you will get past the PC logon, but your account will not be able to access anything on the domain. Eventually your domain account will be locked out.
It seems the bottom-line issue is either that the PC is not being updated by the VPN password change process but should be, or that, when using a VPN connection, the PC is not deferring to the domain controller for ID/password verification during the initial login process. I can't be the only person who's been here before. What did I overlook?
The PC is a Windows 2000 machine using the Cisco VPN 3.6.2(B) client. The VPN Client is set up to start at Windows login. My concentrator is a Cisco VPN 3005 running vpn3005-3.6.7.F-k9.bin.