From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Tue Apr 04 2006 - 10:01:43 GMT-3
Hey.
Cisco has to support MS Windows domain-AD specific stuff to be able to
react to the "password expired" issue, which is IMO doubtful. But still
feasible. :-) Just a question of time and will.
A less secure solution would be to forward the PPTP session to the AD server
and authenticate users directly. "Less secure" I say, because you might
use Cisco VPN clients, so switching to PPTP clients is a kind of step back.
And BTW, PPTP termination on PIX is not an option any longer if you go
for PIX 7.1.
A.
on 04/04/2006 11:58 Magmax wrote:
> Guys,
>
> Can anyone help me solve this real-world issue?
>
>
> Scenario 1
>
> Remote Users ---> WiFi ---> PIX ---> Windows 2003 IAS
>
> Scenario 2
>
> Remote Users ---> Service Provider CDMA ---> PIX ---> Windows 2003 IAS
>
>
>
> In both scenarios I am using AD authentication, and my problem is that if the
> Windows password for these users expires they cannot log in, and they also
> don't receive a prompt which tells them their password has expired.
>
>
> Is there any way I can tell the PIX or Windows 2003 IAS to prompt the user to
> change an expired password? Any ideas???
>
> I know that if I have a Cisco 3000 concentrator and Windows 2003 IAS I can
> address this issue.
>
> Remote users only access a certain application and they don't log on to the
> domain.
>
>
>
> Ubaid
This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:56 GMT-3