General discussion

Locked

Cisco Vpn Password Issues

By troy.gresham ·
My company is currently running Cisco Vpn for their remote users. The problem is that when the users password is going to expire they are not alerted about the expiration, they just can't login one day. Is there a way to have cisco vpn alert the user to change their password while on the vpn and before it expires

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by sgt_shultz In reply to Cisco Vpn Password Issues

what os is your network using? and what kind of authentication? (AD?)
did you see this:
Configuring the Cisco VPN 3000 Series Concentrators to Support the NT Password Expiration Feature Using the RADIUS Server
http://www.cisco.com/warp/public/471/vpn3k-ntpwexp.html

Collapse -

by sgt_shultz In reply to

this looked like a neat idea also:
<snipped from http://www.mcpmag.com/columns/article.asp?EditorialsID=668>

I?m not the only person plagued by VPN woes. Marvin Adeff recently wrote to me about an issue he was having with his remote users: ?I?ve been racking my mind trying to come up with a script that remote users can run on their client laptops, which will allow them to change their passwords...?

It seems that Marvin has several remote users who go long periods of time without being directly connected to the office network (sometimes as long as a year). Like any good administrator, Marvin has a mandatory password expiration policy in place on the network. Regrettably, his users log onto their laptops using local, not domain, accounts. They?re authenticated on the domain by connecting to a stand-alone concentrator, which only performs authentication; it doesn?t support changing passwords. Consequently, when his users? passwords expire, they have no way of changing them.

Marvin wanted a way to help facilitate this via a script. Indeed, you can script password changes via Active Directory Service Interfaces (ADSI), but the user running the script needs the appropriate administrative permissions?not a good idea for a remote user. The ?least bad? solution in his case is to have an intranet server running a Web page that allows the users to change their domain passwords. They can access this Web server via the VPN, so there?s a reasonable level of security. Better yet, make those laptops members of the domain. This negates the need for a separate concentrator to authenticate domain credentials. It also provides better security, in general, for the laptops.

Collapse -

Domain password changes in workgroup env

by dabradabra In reply to

Synergix Object Manager ( www.synergix.com ) supports isolated clients i.e. remote users using Workgroup machines get notified about password expiration and in fact, can change their domain account password without having to use any web application

Back to Networks Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums