Cisco Support Community
Cisco ASA with LDAP over SSL

I have configured a solution where, when VPN users log in, they are authenticated using secure-ldap by a Windows AD server. I carried out several tests with the following results:

On the AD server - Prompt user to change password at next logon - PASS

On the AD server - Force users to change password when expiry trigger hit - PASS

On the AD server - Disable Windows account to make sure this is reported when logging in via VPN client - PASS

On the AD server - Expire an account to make sure this is reported when logging in via VPN client - PASS

On the AD server - Enforced password minimum length and make sure password change occurs when condition is met and does not when condition is not - PASS

On the AD server - Enforced password complexity and make sure password change occurs when condition is met and does not when condition is not - PASS

Triggered account lockout on the AD server to make sure this is reported when users log in via VPN - PASS

The only thing I tested so far that does not appear to function is when "password history" is enabled on the AD server. A user is still able to change their password to one previously used.

Does anyone know if this should or should not work, and if it does, what I may need to configure and where?

1 REPLY

Re: Cisco ASA with LDAP over SSL

Does the password history capability work from a host connected to the LAN? If not, you may want to check out http://support.microsoft.com/kb/906305. I would have to lab test this to confirm but based on bug CSCsd60392, I don't believe that this capability exists in the current ASA code.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsd60392
