Changing Windows Passwords - VPN with a PIX, Cisco VPN Client and RADIUS Authentication

Discussion in 'Cisco' started by DCS, Jun 15, 2006.

  1. DCS

    DCS Guest

    I have remote access configured between a PIX running IOS 7.2(1) and
    Cisco VPN clients running 4.8. I'm currently authenticating using
    RADIUS from IAS running on a Windows 2003 Server. This server is
    configured as a stand-alone workgroup server and all users are
    maintained on it.

    How do I enable changes to the Windows password when a user's password
    has expired or they first get their account and are required to change
    the password at first login? All my users are remote and never local
    so the VPN is their only access. I know this is possible using the
    Concentrator but the PIX and ASA's should have evolved to the point to
    accomodate this.

    Also, my current RADIUS exchange takes place using PAP, which is
    unencrypted. How can I change this to MS-CHAP v2? Thanks!
    DCS, Jun 15, 2006
    1. Advertisements

  2. DCS

    DCS Guest

    I now have the MS-CHAPv2 working between the PIX and IAS. I ensured
    MS-CHAPv2 was allowed on the IAS side and then added the
    "password-management" on the tunnel group ipsec-attributes being used
    for the remote connection. I'm still unable to change Windows password
    though the 7.2(1) documentation says it will. Is the RADIUS command to
    do this supported in Cisco ACS and not IAS RADIUS?
    DCS, Jun 16, 2006
    1. Advertisements

  3. DCS


    Mar 26, 2009
    Likes Received:
    Enable MS-CHAPv2

    How did you enable MS-CHAPv2 on the PIX [running 8.0(4)] to authenticate with MS RADIUS server (IAS)?

    eshan_amiran, Mar 26, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.