
RE: Cisco PIX VPN Client issue

Subject: RE: Cisco PIX VPN Client issue
Date: Tue, 6 Sep 2005 09:24:47 +0100
I have the same issue, the VPN client can't seem to interpret the messages 
relating to changing passwords and just defaults to denying access.
 
The "workaround" (and you'll see why it's in inverted commas) that I use is to 
set up recurring Outlook tasks for users to remind them to change their 
passwords several days before they're due... far from ideal but worth a try.
 
If anyone has got a fix for this I would be eternally grateful!
 
Richard

-----Original Message-----
From: Hodgson, Tim [mailto:Tim.Hodgson@hdfse.com]
Sent: 05 September 2005 14:31
To: firewalls@securityfocus.com
Subject: Cisco PIX VPN Client issue



Hi All,

Wondering if anyone can help with this issue:

PIX firewall configured to use a Win2K server running RADIUS to authenticate 
users connecting remotely via the VPN Client 4.6.

This all works fine, except for when a user's password is close to expiring, at 
which point the user is denied access and the following error is logged in the 
event log on the RADIUS server: (I've blanked out some info with ***)

We didn't have the same issue on our old Sonicwall, the user was just presented 
with a change password dialogue box!

Any ideas on how I can resolve this? I've searched through the Cisco website 
but can't spot anything useful!!

Event Type:     Warning
Event Source:   IAS
Event Category: None
Event ID:       2
Date:           05/09/2005
Time:           08:31:30
User:           N/A
Computer:       *********
Description:
User ******** was denied access.
 Fully-Qualified-User-Name = ****\******
 NAS-IP-Address = **.***.***.**
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = 86.132.18.247
 Client-Friendly-Name = HDFSE Firewall
 Client-IP-Address = **.***.***.**
 NAS-Port-Type = <not present>
 NAS-Port = 1015
 Policy-Name = <undetermined>
 Authentication-Type = PAP
 EAP-Type = <undetermined>
 Reason-Code = 33
 Reason = The user must change their password.


Regards

Tim Hodgson
European IT Systems Support Specialist.
Harley-Davidson Financial Services Europe Limited.
6000 Garsington Road, Oxford Business Park North.
Cowley, Oxford.
OX4 2DQ
Tel: +44 (0)870 1916109
Mob: +44 (0)7789 742763
E-mail: tim.hodgson@hdfse.com
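
One way to pull these denials out of an IAS event export so the affected users can be contacted, as an added example that is not part of either poster's message. It assumes the events are available as text in the layout quoted above; the function names and sample users are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the quoted event; users are placeholders,
# Reason-Code 16 is a constructed "other reason", event two is double-spaced.
SAMPLE_EVENTS = """\
User jsmith was denied access.
 Fully-Qualified-User-Name = EXAMPLE\\jsmith
 Authentication-Type = PAP
 Reason-Code = 33
 Reason = The user must change their password.

User jsmith was denied access.

 Fully-Qualified-User-Name = EXAMPLE\\jsmith

 Authentication-Type = PAP

 Reason-Code = 33

User akhan was denied access.
 Authentication-Type = PAP
 Reason-Code = 16
"""

DENIED = re.compile(r"^User (\S+) was denied access\.$")
ATTR = re.compile(r"^([A-Za-z][\w-]*)\s*=\s*(.*)$")
PASSWORD_CHANGE_REQUIRED = "33"  # Reason-Code in the event quoted in the thread

def parse_denials(text):
    """Return one attribute dict per 'was denied access' event in the text."""
    events = []
    for line in map(str.strip, text.splitlines()):
        denied, attr = DENIED.match(line), ATTR.match(line)
        if denied:  # a new event starts at each denial line
            events.append({"User": denied.group(1)})
        elif attr and events:  # "Name = value" lines belong to the current event
            events[-1][attr.group(1)] = attr.group(2)
    return events

def password_change_denials(events):
    """Group Reason-Code 33 denials by user: count and auth types seen."""
    hits = defaultdict(lambda: {"count": 0, "auth_types": set()})
    for ev in events:
        if ev.get("Reason-Code") == PASSWORD_CHANGE_REQUIRED:
            user = ev.get("Fully-Qualified-User-Name", ev["User"])
            hits[user]["count"] += 1
            hits[user]["auth_types"].add(ev.get("Authentication-Type", "unknown"))
    return dict(hits)
```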


