Allowing VPN users to change LDAP password before account expiration

I have configured an ASA to authenticate remote access & SSL VPN to a Microsoft LDAP server using LDAPS. I have configured the LDAP server to enforce the user to change the password at next logon; however, I want to enforce additional security to make the user change the password before the account expires on the Windows DC. The problem I have is that even though I set the user account on the DC to expire and enforce "interactive logon; prompt user to change password before expiration", the user is never prompted when attempting to log in via VPN within the days left to expiration. Can anyone help?

2 REPLIES

Re: Allowing VPN users to change LDAP password before account ex

Have you configured the "password-management password-expire-in-days X" command under the tunnel group in question?


Re: Allowing VPN users to change LDAP password before account ex

Apologies for the delay in my reply. In answer to your question, yes, this was configured. I do now have a working solution except for one thing: the password history function does not work when enabled on the domain controller, so users can change back to a password they have used previously. I am going to start a new thread regarding this issue; however, if you know an answer then please let me know.
