Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
917
Views
0
Helpful
0
Replies

Keeping the cached and domain account passwords in sync using VPN in a

warrend
Level 1
Level 1

‎07-21-2003 11:20 AM - edited ‎02-21-2020 12:40 PM

I'm running into issues keeping the PC's cached password and the password on the domain controller synchronized. In between mandatory password changes there is no issue. But when a users’ password has expired and they use the change password process supplied by the 3005 VPN concentrator (Radius with Expiry), the domain and PC passwords become out of sync. The domain is updated correctly and is looking for the new password, but the PC did not update and is looking for the old password. At that point you're in a catch22 scenario because if you use the new password it won’t match what the PC remembers (it’s looking for the old password) and your logon is refused. Using the old password, you will get passed the PC logon, but your account will not be able to access anything on the domain. Eventually your domain account will be locked out.

It seems the bottom line issue(s) is either the PC is not being updated by the VPN password change process but should be. Or, when using a VPN connection, the PC is not deferring to the domain controller for ID/password verification during the initial login process. I can’t be the only person who’s been here before. What did I overlook?

The PC is a windows 2000 machine using the Cisco VPN 3.6.2(B) client. VPN Client is setup to start at windows login. My concentrator is a Cisco VPN 3005 running vpn3005-3.6.7.F-k9.bin.

Thanks for your help.

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents