Cisco Support Community

New Member

Password Expiration handling with LEAP enabled client?

Is there a way to configure the Client or ACS server to allow for the changing of an expired password?

It appears that if a LEAP-enabled client attempts to authenticate to an Access Point via ACS that is configured to point to an NT Active Directory for user authentication, and the password is expired, the client just fails login and eventually the NT account is locked out (based on the domain password policy). I can somewhat understand this if the client never gets an IP address until he is authorized.

Cisco Employee

Re: Password Expiration handling with LEAP enabled client?

Hi,

I know that ACS has an option under user properties that allows changing of the password when it expires.

Also, if you have the latest driver and version on the client, if LEAP login fails, it will not send the same credential again and lock out the NT but it will pop up a new window to get a new username and password.

New Member

Re: Password Expiration handling with LEAP enabled client?

I was blind-sided by this one. Unfortunately, there is no way to make a change to an expired password in a LEAP environment from a client perspective. The reason is that LEAP only supports MS-CHAP v1, not v2. There is no upgrade offered or plans to fix LEAP to accommodate this. We've been advised to change to PEAP, which does support MS-CHAP v2. However, it's a bit unrealistic for us to make that change due to the lack of interoperability with PEAP with regards to various things including RADIUS vendor type, OS support, etc. It's a constantly changing wireless world, so maybe a better solution will come along in the near term rather than advising users to defeat the purpose of wireless and plug in to make the password change.


New Member

Re: Password Expiration handling with LEAP enabled client?

Is Cisco going to fix it in the next release of ACS so that it will support expired passwords?

