|
Issue:
When using Microsoft IAS RADIUS, users with expired passwords cannot connect to Perle.
Cause:
Based on the user account determined through name cracking, the user account is validated to check whether the account is locked out (which is not the same as remote access account lockout), whether the account is disabled, and whether the user account's password has expired.
If the user account is not valid, an Access-Reject packet is sent and the authentication failure event is logged in the system event log or the IAS authentication log depending, on the configured logging settings.
Solution:
If a user attempt authenticates using MS-CHAP using an expired password, MS-CHAP prompts the user to change the password while connecting to the server.
Other authentication protocols do not support this feature effectively locking out the user who used the expired password.
Currently there are no Perle products that support MS-CHAP using RADIUS.
This also applies to other RADIUS servers using Windows NT Domain database method.
Article
ID: |
392 |
| Published: |
9/9/2003 2:13:30 PM |
Last
Modified: |
9/9/2003 2:37:13 PM |
Issue Type: |
Trouble Shooting |
|