I am Authenticating all VPN users to a local NT SAM database (which happens to reside on my ACS Server). The password change works fine after the configured time has passed. Users log in and get the "your password has expired" message and are able to change the password and continue. The issue that we are facing now is users are wanting to change their passwords when they want to, and the only way to do this today is to call an administrator and have them check the "prompt for change on next login" on the user. I know if you authenticate users to the local TACACS database, users can browse to the server, login and change this password when they want to. Just searching for what options I might have for the NT users to have the same browse-to-and-change-password option. I have looked at password-station.net but have struggled hooking that into my ACS server. Any recommendations?
In our current environment we run XP with the cisco 4.6 client. The option to start a connection before logging on to a Windows NT system has been enabled.
If the users are connected to the network via VPN then they should be able to "CTL + ALT + DEL" | Change password to initiate the change on the DC and the next time they VPN in, the ACS should see the new password via Radius.
Thank you for your reply. In this setup, our active directory that our customers/employees sign into is different than the VPN segment, i.e. i do not run AD on my vpn segment. So i believe if they "CTRL+ALT+DEL" it would only change their local password. Is that a correct statement?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :