When a user's password is going to expire in up to 14 days, they get a warning and are asked if they would like to change their password now or skip it. If they skip it, they get put into the default Group Policy, which messes up their connectivity. Here is what it looks like in the logs:
AAA user authentication Rejected : reason = Password is expiring
DAP: User jhick, Addr xx.xxx.xx.xxx, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy
If I shut off the password expiration features, the login processes normally. Any idea why this happens or how to fix it?
If the AAA server authenticates the user, the FWSM displays the User Accepted text, if specified, to the user; otherwise it displays the User Rejected text, if specified. If the rejection is because of invalid credentials (such as an incorrect username) or because the password expired, the Invalid Credentials or Expired Password text shows, instead of the User Rejected text.
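The following Python script is an added example, not part of the original thread: it scans log text for the pattern quoted in the question, a "Password is expiring" rejection followed within a few lines by a DAP selection of only DfltAccessPolicy, and lists the affected users. Pairing the two lines by adjacency (the `window` parameter) is an assumption, since the rejection line as quoted carries no username; the sample log is constructed around the two quoted lines.

```python
import re

# Patterns built from the two log lines quoted in the question.
REJECT_RE = re.compile(
    r"AAA user authentication Rejected\s*:\s*reason\s*=\s*(?P<reason>[^:]+)")
DAP_RE = re.compile(
    r"DAP: User (?P<user>[^,]+), Addr (?P<addr>[^,]+), Connection (?P<conn>[^:]+): "
    r"The following DAP records were selected for this connection: (?P<records>.+)$")

def find_default_policy_fallbacks(lines, window=3):
    """Return sessions that received only DfltAccessPolicy within `window`
    lines after a 'Password is expiring' rejection (adjacency is assumed)."""
    findings = []
    pending = None  # index of the most recent 'Password is expiring' rejection
    for i, raw in enumerate(lines):
        line = raw.rstrip()
        m = REJECT_RE.search(line)
        if m:
            expiring = m.group("reason").strip() == "Password is expiring"
            pending = i if expiring else None
            continue
        m = DAP_RE.search(line)
        if not m:
            continue
        only_default = m.group("records").strip() == "DfltAccessPolicy"
        if only_default and pending is not None and i - pending <= window:
            findings.append({
                "user": m.group("user").strip(),
                "addr": m.group("addr").strip(),
                "connection": m.group("conn").strip(),
                "reject_line": pending + 1,  # 1-based line numbers
                "dap_line": i + 1,
            })
        pending = None  # a DAP line closes the pending rejection either way

    return findings

# Constructed sample: lines 1-2 are the ones quoted in the question,
# the remaining lines (users, addresses, policy name) are made up.
SAMPLE_LOG = """\
AAA user authentication Rejected : reason = Password is expiring
DAP: User jhick, Addr xx.xxx.xx.xxx, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy
DAP: User asmith, Addr 192.0.2.10, Connection AnyConnect: The following DAP records were selected for this connection: Example-Policy
AAA user authentication Rejected : reason = AAA failure
DAP: User bjones, Addr 192.0.2.11, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy
""".splitlines()

if __name__ == "__main__":
    for finding in find_default_policy_fallbacks(SAMPLE_LOG):
        print(finding)
```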