Cisco Anyconnect / Domain authentication & password expiry/reset
Description of problem:
Hello all,
I am looking for a way to connect OCserv to a Windows domain in conjunction with AnyConnect and use AnyConnect's password reset dialog in case of an expired password. On the Cisco ASA there is this possibility:
Is there a way to do this with OCServ? I could not find any hints in the recipes. I have tried RADIUS with libradius and PAM with LDAP so far.
Thanks in advance.
Version of ocserv used:
1.0.0
Client used:
Cisco AnyConnect 4.10
Distributor of ocserv
Debian Stretch
How reproducible:
Describe the steps to reproduce the issue:
- Check "change password on next logon" on an MS AD user
- Try to connect via AnyConnect
- Login failed
- Remove the check on "change password on next logon"
- Try to connect via AnyConnect
- Login successful
Actual results:
If the password is expired or checked to change on next logon, login fails.
Expected results:
If the password is expired or checked to change on next logon, a password reset dialog is presented through AnyConnect.