Cisco Support Community
New Member

VPN3030 and NT Authentication

I am authenticating all VPN users to a local NT SAM database (which happens to reside on my ACS Server). The password change works fine after the configured time has passed. Users log in and get the "your password has expired" message and are able to change the password and continue. The issue that we are facing now is users are wanting to change their passwords when they want to, and the only way to do this today is to call an administrator and have them check the "prompt for change on next login" on the user. I know if you authenticate users to the local TACACS database, users can browse to the server, log in and change this password when they want to. Just searching for what options I might have for the NT users to have the same browse-to-and-change-password option. I have looked at but have struggled hooking that into my ACS server. Any recommendations?

New Member

Re: VPN3030 and NT Authentication

In our current environment we run XP with the Cisco 4.6 client. The option to start a connection before logging on to a Windows NT system has been enabled.

If the users are connected to the network via VPN, then they should be able to "CTRL + ALT + DEL" | Change password to initiate the change on the DC, and the next time they VPN in, the ACS should see the new password via RADIUS.

New Member

Re: VPN3030 and NT Authentication

Thank you for your reply. In this setup, our Active Directory that our customers/employees sign into is different than the VPN segment, i.e. I do not run AD on my VPN segment. So I believe if they "CTRL+ALT+DEL" it would only change their local password. Is that a correct statement?
