610 Views, 0 Helpful, 1 Replies

vpn authentication against AD using LDAP with PIX7.2 and ACS

dave.thornton
Level 1

I am trying to use Cisco VPN Client V4, ACS V.latest and a PIX 7.2 firewall, and have the users notified of Active Directory account password expiry warnings so that they have time to change them before they expire.

I thought this was now possible using the new password-management commands, but so far I am unable to make it work.

I have been able to get VPN clients to authenticate against the AD server using RADIUS, but not using LDAP.

The following config extract with PIX debug output shows what I have configured.

I have an AD user called aaa (who can log on via ACS and AD over RADIUS, but not via LDAP).

I have tried to follow various cisco.com links to set this up, but I am clearly missing something.

I would appreciate any help please! :-)

The attachment shows the config and the debug output.

testpix(config)#

[194] Session Start
[194] New request Session, context 0x27e76c0, reqType = 1
[194] Fiber started
[194] Creating LDAP context with uri=ldaps://192.168.0.100:636
[194] Connect to LDAP server: ldaps://192.168.0.100:636, status = Failed
[194] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[194] Fiber exit Tx=0 bytes Rx=0 bytes, status=-2
[194] Session End
[195] Session Start
[195] New request Session, context 0x27e76c0, reqType = 1
[195] Fiber started
[195] Creating LDAP context with uri=ldaps://192.168.0.100:636
[195] Connect to LDAP server: ldaps://192.168.0.100:636, status = Failed
[195] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[195] Fiber exit Tx=0 bytes Rx=0 bytes, status=-2
[195] Session End
[196] Session Start
[196] New request Session, context 0x27e76c0, reqType = 1
[196] Fiber started
[196] Creating LDAP context with uri=ldaps://192.168.0.100:636
[196] Connect to LDAP server: ldaps://192.168.0.100:636, status = Failed
[196] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[196] Fiber exit Tx=0 bytes Rx=0 bytes, status=-2
[196] Session End
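An added example, not code from the post or from Cisco: a small Python parser for the PIX LDAP debug format shown above that separates a transport-level failure (connect failed, bind never attempted, as in sessions 194 to 196) from a bind rejection, which is the first thing to establish before touching credentials or password-management settings. The "Successful" status and the result code 49 line in the contrast sample are constructed and are assumptions about the debug format, not taken from the post.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Session [194] from the PIX debug in the post above ([195] and [196] are identical).
PIX_DEBUG = """\
[194] Creating LDAP context with uri=ldaps://192.168.0.100:636
[194] Connect to LDAP server: ldaps://192.168.0.100:636, status = Failed
[194] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[194] Fiber exit Tx=0 bytes Rx=0 bytes, status=-2
"""
# Constructed contrast case, not from the post: TLS session comes up, bind is rejected.
# The "Successful" status and result code 49 wording are assumptions about the format.
CONSTRUCTED_BIND_FAIL = """\
[197] Connect to LDAP server: ldaps://192.168.0.100:636, status = Successful
[197] Failed to bind as administrator returned code (49) Invalid credentials
[197] Fiber exit Tx=188 bytes Rx=102 bytes, status=-1
"""

LINE_RE = re.compile(r"^\[(\d+)\] (.*)$")
CONNECT_RE = re.compile(r"Connect to LDAP server: (\S+), status = (\w+)")
BIND_RE = re.compile(r"bind .*returned code \((-?\d+)\) (.*)")

@dataclass
class Session:
    sid: int
    uri: str = ""
    connected: bool = False
    bind_code: Optional[int] = None
    bind_reason: str = ""

    def diagnosis(self) -> str:
        # "transport": the connect itself failed (the debug's Tx=0 bytes line confirms nothing
        # was sent), so the PIX never reached the bind step; check reachability of port 636 and
        # the DC's LDAPS certificate, not the login DN or password. "bind": TLS is up, login rejected.
        if not self.connected:
            return "transport"
        return "bind" if self.bind_code is not None else "ok"

def parse_sessions(text: str) -> list:
    sessions = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        s = sessions.setdefault(int(m[1]), Session(int(m[1])))
        if c := CONNECT_RE.search(m[2]):
            s.uri, s.connected = c[1], c[2] == "Successful"
        elif b := BIND_RE.search(m[2]):
            s.bind_code, s.bind_reason = int(b[1]), b[2]
    return [sessions[k] for k in sorted(sessions)]
```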

1 Reply

dave.thornton
Level 1

Here is the attachment, with the config in it.