LEAP and Active Directory

mstephen
Level 1

We use LEAP with transparent user settings for user authentication against Win2000 Active Directory. When laptop users log in, the Cisco ACS automatically takes their username and password back to AD for authentication. The AD policy requires users to change passwords every 60 days. The prompt to change password occurs with no issue, but on the next try to log in, the user can't authenticate against AD. The problem appears to be the Cisco ACS holding onto the old password when it creates an entry for transparent users.

Any thoughts as to how to overcome this?

3 Replies

antonios
Level 1

Hi,

I am trying to do a similar thing but using EAP-TLS; we are struggling to integrate the login with Active Directory. Do you have any tips?

I have been following the "Installation Guide for Cisco Secure ACS for Windows Server version 3.2".

When we reset the password on the domain controller, the client still seems to log in with the old cached password. I am not sure if we have set up the comms between ACS and the domain controller correctly.

Thanks!!

medic
Level 1

Back in November of '02, I had an issue with certain NT domains having the password change policy in effect and users not able to make the change using their wireless LEAP connection. What I discovered was that it could not be done through the wireless connection since LEAP was written to only support MS-CHAP v1. This change request is a v2 mechanism. Our options were to either make the change to PEAP or simply have the users change their password from their wired connection. Since we invested quite a bit in implementing LEAP only less than a year prior, it has not been feasible for us to completely change our authentication method as of yet. Not sure if this applies to your situation.

We have had the same problems as mentioned above, but have resolved the issue. One further issue we have is to change your password via the wireless infrastructure on the NT/2000 domain once it has expired. There does not seem to be any prompt to enter a new password to reinstate your logon. Once again, if tried on the wired network there are no issues. Can anyone assist?

Many thanks.
