12-06-2017 08:23 AM
Hello Community
I have a problem with end users,
I have ISE 2.2 configured and only policies to authenticate with 802.1x. everything is fine until ISE detects that it requires a change of password, I say that ISE because it sends a report attached as an image. already review the resolution, but if the password change is enabled on the ISE platform.
When trying to make the password change from the user's computer, the AD does not allow it and the user had to be removed from the domain and re-entered so that the AD could accept the password change, but for this I had to remove the configuration of the switch port.
What do you recommend to be done? Is it a configuration or user error or AD error?
Solved! Go to Solution.
12-06-2017 12:35 PM
Christian,
Couple of things you can do is to make sure you allow certain ports to AD open before authentication on the interface.
Try this first with switchport configured as "authentication open" to allow everything to network ( on a test machine) before and after authentication to see if it changes the behavior. Other than the AD should allow users to change the password from their "Control + Alt + Delete" prompt.
Thanks
Krishnan
12-06-2017 12:35 PM
Christian,
Couple of things you can do is to make sure you allow certain ports to AD open before authentication on the interface.
Try this first with switchport configured as "authentication open" to allow everything to network ( on a test machine) before and after authentication to see if it changes the behavior. Other than the AD should allow users to change the password from their "Control + Alt + Delete" prompt.
Thanks
Krishnan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide