Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Changing Windows Passwords - VPN with a PIX, Cisco VPN Client and RADIUS Authentication

Reply
Thread Tools

Changing Windows Passwords - VPN with a PIX, Cisco VPN Client and RADIUS Authentication

 
 
DCS
Guest
Posts: n/a
 
      06-15-2006
I have remote access configured between a PIX running IOS 7.2(1) and
Cisco VPN clients running 4.8. I'm currently authenticating using
RADIUS from IAS running on a Windows 2003 Server. This server is
configured as a stand-alone workgroup server and all users are
maintained on it.

How do I enable changes to the Windows password when a user's password
has expired or they first get their account and are required to change
the password at first login? All my users are remote and never local
so the VPN is their only access. I know this is possible using the
Concentrator but the PIX and ASA's should have evolved to the point to
accomodate this.

Also, my current RADIUS exchange takes place using PAP, which is
unencrypted. How can I change this to MS-CHAP v2? Thanks!

 
Reply With Quote
 
 
 
 
DCS
Guest
Posts: n/a
 
      06-16-2006

DCS wrote:
> I have remote access configured between a PIX running IOS 7.2(1) and
> Cisco VPN clients running 4.8. I'm currently authenticating using
> RADIUS from IAS running on a Windows 2003 Server. This server is
> configured as a stand-alone workgroup server and all users are
> maintained on it.
>
> How do I enable changes to the Windows password when a user's password
> has expired or they first get their account and are required to change
> the password at first login? All my users are remote and never local
> so the VPN is their only access. I know this is possible using the
> Concentrator but the PIX and ASA's should have evolved to the point to
> accomodate this.
>
> Also, my current RADIUS exchange takes place using PAP, which is
> unencrypted. How can I change this to MS-CHAP v2? Thanks!


I now have the MS-CHAPv2 working between the PIX and IAS. I ensured
MS-CHAPv2 was allowed on the IAS side and then added the
"password-management" on the tunnel group ipsec-attributes being used
for the remote connection. I'm still unable to change Windows password
though the 7.2(1) documentation says it will. Is the RADIUS command to
do this supported in Cisco ACS and not IAS RADIUS?

 
Reply With Quote
 
 
 
 
eshan_amiran eshan_amiran is offline
Junior Member
Join Date: Mar 2009
Posts: 1
 
      03-26-2009
How did you enable MS-CHAPv2 on the PIX [running 8.0(4)] to authenticate with MS RADIUS server (IAS)?

Thanks
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco VPN Client(4.8.01.0300) + Router(C1812) + Radius Auth(MS IAS) ahab.captain@gmail.com Cisco 0 08-17-2007 10:11 AM
problem with 2 VPN-Client groups and Radius authentication on Cisco PIX 515E Spoettel Otmar Cisco 0 05-12-2004 12:54 PM
VPN Client works with LOCAL authentication but not RADIUS Nuno Martins Cisco 0 02-17-2004 03:43 PM
Authentication for Cisco VPN client on PIX (RADIUS vs. local PIX database) tejlor Cisco 2 11-25-2003 08:07 AM
Cisco radius attributes with Funk Steel-Belted Radius Server David Cisco 0 11-06-2003 09:54 PM



Advertisments