Changing Windows Passwords - VPN with a PIX, Cisco VPN Client and RADIUS Authentication

Discussion in 'Cisco' started by DCS, Jun 15, 2006.

  1. DCS

    DCS Guest

    I have remote access configured between a PIX running IOS 7.2(1) and
    Cisco VPN clients running 4.8. I'm currently authenticating using
    RADIUS from IAS running on a Windows 2003 Server. This server is
    configured as a stand-alone workgroup server and all users are
    maintained on it.

    How do I enable changes to the Windows password when a user's password
    has expired or they first get their account and are required to change
    the password at first login? All my users are remote and never local
    so the VPN is their only access. I know this is possible using the
    Concentrator but the PIX and ASA's should have evolved to the point to
    accomodate this.

    Also, my current RADIUS exchange takes place using PAP, which is
    unencrypted. How can I change this to MS-CHAP v2? Thanks!
    DCS, Jun 15, 2006
    #1
    1. Advertising

  2. DCS

    DCS Guest

    DCS wrote:
    > I have remote access configured between a PIX running IOS 7.2(1) and
    > Cisco VPN clients running 4.8. I'm currently authenticating using
    > RADIUS from IAS running on a Windows 2003 Server. This server is
    > configured as a stand-alone workgroup server and all users are
    > maintained on it.
    >
    > How do I enable changes to the Windows password when a user's password
    > has expired or they first get their account and are required to change
    > the password at first login? All my users are remote and never local
    > so the VPN is their only access. I know this is possible using the
    > Concentrator but the PIX and ASA's should have evolved to the point to
    > accomodate this.
    >
    > Also, my current RADIUS exchange takes place using PAP, which is
    > unencrypted. How can I change this to MS-CHAP v2? Thanks!


    I now have the MS-CHAPv2 working between the PIX and IAS. I ensured
    MS-CHAPv2 was allowed on the IAS side and then added the
    "password-management" on the tunnel group ipsec-attributes being used
    for the remote connection. I'm still unable to change Windows password
    though the 7.2(1) documentation says it will. Is the RADIUS command to
    do this supported in Cisco ACS and not IAS RADIUS?
    DCS, Jun 16, 2006
    #2
    1. Advertising

  3. DCS

    eshan_amiran

    Joined:
    Mar 26, 2009
    Messages:
    1
    Enable MS-CHAPv2

    How did you enable MS-CHAPv2 on the PIX [running 8.0(4)] to authenticate with MS RADIUS server (IAS)?

    Thanks
    eshan_amiran, Mar 26, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. tejlor
    Replies:
    2
    Views:
    2,272
    tejlor
    Nov 25, 2003
  2. Nuno Martins
    Replies:
    0
    Views:
    682
    Nuno Martins
    Feb 17, 2004
  3. Spoettel Otmar
    Replies:
    0
    Views:
    555
    Spoettel Otmar
    May 12, 2004
  4. John Smith
    Replies:
    2
    Views:
    3,201
    John Smith
    Dec 1, 2004
  5. John Smith
    Replies:
    2
    Views:
    3,297
    John Smith
    Dec 3, 2004
Loading...

Share This Page