ASA running 8.4. I have password-management enabled on the tunnel group, LDAP over SSL enabled, yet when I test by setting an account to require password change after next login, the New Password Required page loads (clientless) and allows a new password to be entered. After hitting continue, it returns to the username login page with this message above the username field:
Cannot complete password change because the password does not meet the password policy requirements. Check the minimum password length, password complexity, and password history requirements.
Yet I'm able to change the password at the same time from a workstation, so there is no gp policy that is denying the password change. We have it set to minimum days 0 and no complexity required. I am meeting the minimum length.
A debug output when I hit continue after entering the new password:
 Session Start
 New request Session, context 0x74637d10, reqType = Modify Password
 Fiber started
 Creating LDAP context with uri=ldaps://192.168.102.15:636
 Connect to LDAP server: ldaps://192.168.102.15:636, status = Successful
 supportedLDAPVersion: value = 3
 supportedLDAPVersion: value = 2
 Binding as asauser
 Performing Simple authentication for asauser to 192.168.102.15