We use LEAP with transparent user settings for user authentication against Win2000 Active Directory. When laptop users log in, the Cisco ACS automatically takes their username and password back to AD for authentication. The AD policy requires users to change passwords every 60 days. The prompt to change password occurs with no issue, but on the next try to log in, the user can't authenticate against AD. The problem appears to be the Cisco ACS holding onto the old password when it creates an entry for transparent users.
Back in November of '02, I had an issue with certain NT domains having the password change policy in effect and users not able to make the change using their wireless LEAP connection. What I discovered was that it could not be done through the wireless connection since LEAP was written to only support MS-CHAP v1. This change request is a v2 mechanism. Our options were to either make the change to PEAP or simply have the users change their password from their wired connection. Since we invested quite a bit in implementing LEAP only less than a year prior, it has not been feasible for us to completely change our authentication method as of yet. Not sure if this applies to your situation.
We have had the same problems as mentioned above, but have resolved the issue. One further issue we have is to change your password via the wireless infrastructure on the NT/2000 domain once it has expired. There does not seem to be any prompt to enter a new password to reinstate your logon. Once again, if tried on the wired network there are no issues. Can anyone assist?