1-29
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Connection Profiles, Group Policies, and Users
Configuring Connection Profiles
that you have also enabled password management on the ASA and configured the corresponding
password management attributes. The specific steps in this section refer to Active Directory terminology
under Windows 2000 and include the following topics:
• Using Active Directory to Force the User to Change Password at Next Logon, page 70-29.
• Using Active Directory to Specify Maximum Password Age, page 70-30.
• Using Active Directory to Override an Account Disabled AAA Indicator, page 70-31
• Using Active Directory to Enforce Password Complexity, page 70-33.
This section assumes that you are using an LDAP directory server for authentication.
Using Active Directory to Force the User to Change Password at Next Logon
To force a user to change the user password at the next logon, specify the password-management
command in tunnel-group general-attributes configuration mode on the ASA and perform the following
steps under Active Directory:
Step 1 Choose Start > Programs > Administrative Tools > Active Directory Users and Computers
(Figure 70-1).
Figure 1-1 Active Directory—Administrative Tools Menu
Step 2
Right-click to choose Username > Properties > Account.
Step 3 Check the User must change password at next logon (Figure 70-2) check box.
To Next Page
Loading...
Need help?
General
