Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AD passwords renewal issue

Hi all,

We are using Active Directory(Win2003 Server SP1), WLC+LAP1130, ACS4.1, WZC(WinXP with EAP-PEAP).

The problem is that users are not able to authentication after changing passowrds to AD's 90 days passwords change policy.

We are using machine authentication to allow passwords change after 90days expiration.

These user should be rechange passwords by wired.

2 REPLIES

Re: AD passwords renewal issue

The two most common causes for this are;

Ensure Machine Authentication is actually working. IE, before the user logs in, the WLC should show you the "host/......" username associated with the machine account, and the "Policy Manager State" says "Run".

Second, make sure your RADIUS Server is configured to allow password changes inside PEAP using MSCHAPv2; this is off by default on ACS and IAS.

HTH,

Richard

New Member

Re: AD passwords renewal issue

Thanks, your reply.

The machine authentication is ok and "password changes inside PEAP using MSCHAPv2" is already configured.

This issue happen to violated user who did not change password in 90day. the other users are can change passwords and auth working well.

224
Views
0
Helpful
2
Replies
CreatePlease to create content