Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Radius Password Expiry with IAS

I've seen discussions related to this topic, but nothing addressing the errors I am seeing.

I used this link as a start:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800c3917.shtml

I first saw errors on the domain controller showing a requirement for MSCHAPv2, so I added that to the IAS server. The error that is stoping me now is:

Policy-Name = Legacy User Access to Cisco VPN

Authentication-Type = MS-CHAPv2

EAP-Type = <undetermined>

Reason-Code = 72

Reason = The user cannot change his or her password because the change password option is not enabled for the matching remote access policy.

This error is generated in on the IAS server in the SYSTEM log. Looking at the IAS policy, I do not see any options specific to allowing password change.

I've begun a search at Technet, but any ideas would be greatly appreciated...

Per

1 REPLY
Silver

Re: Radius Password Expiry with IAS

Define the VPN 3000 Concentrator as a client. Note: Microsoft is chosen as the Client-Vendor to get support for the Microsoft Vendor-Specific Attributes (VSA) required by the RADIUS with Expiry feature

228
Views
0
Helpful
1
Replies
CreatePlease to create content