
Allowing VPN users to change LDAP password before account expiration

paultribe
Level 1

I have configured an ASA to authenticate remote access & SSL VPN to a Microsoft LDAP server using LDAPS. I have configured the LDAP server to enforce the user to change the password at next logon; however, I want to enforce additional security to make the user change the password before the account expires on the Windows DC. The problem I have is that even though I set the user account on the DC to expire and enforce "interactive logon; prompt user to change password before expiration", the user is never prompted when attempting to log in via VPN within the days left to expiration. Can anyone help?

2 Replies

Todd Pula
Level 7

Have you configured the "password-management password-expire-in-days X" command under the tunnel group in question?

Apologies for the delay in my reply. In answer to your question, yes, this was configured. I do now have a working solution except for one thing: the password history function does not work when enabled on the domain controller; users can change back to a password they have used previously. I am going to start a new thread regarding this issue; however, if you know an answer then please let me know.