We have wired network with 802.1x authentication using NAC/XMC ver.8.3.
NAC is using LDAP to check users/hosts againts AD.
If admin sets new password for users and force the user to change password on next logon, then we have Radius Reject with following State Decsciption:
The authentication request was rejected due to NTLM authentication error: : The user account has expired. (0xc0000193)
Moreover, user is not able to change his own password even after he was succesfully getting access to the network via 802.1x.
Is there any way to overcome this issue, so users are able to login or change the password during logon process ?
This is new NAC installation we are currently deploying, and IT staff says they will only accept solution with password changing task done the way it was used before (so that user was able to change the password after getting access to network).
Any suggestions ?