User unable to login via 802.1x when user account locked.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-18-2019 09:52 AM
Hello,
We have wired network with 802.1x authentication using NAC/XMC ver.8.3.
NAC is using LDAP to check users/hosts againts AD.
If admin sets new password for users and force the user to change password on next logon, then we have Radius Reject with following State Decsciption:
The authentication request was rejected due to NTLM authentication error: : The user account has expired. (0xc0000193)
Moreover, user is not able to change his own password even after he was succesfully getting access to the network via 802.1x.
Is there any way to overcome this issue, so users are able to login or change the password during logon process ?
This is new NAC installation we are currently deploying, and IT staff says they will only accept solution with password changing task done the way it was used before (so that user was able to change the password after getting access to network).
Any suggestions ?
REGARDS
Robert
We have wired network with 802.1x authentication using NAC/XMC ver.8.3.
NAC is using LDAP to check users/hosts againts AD.
If admin sets new password for users and force the user to change password on next logon, then we have Radius Reject with following State Decsciption:
The authentication request was rejected due to NTLM authentication error: : The user account has expired. (0xc0000193)
Moreover, user is not able to change his own password even after he was succesfully getting access to the network via 802.1x.
Is there any way to overcome this issue, so users are able to login or change the password during logon process ?
This is new NAC installation we are currently deploying, and IT staff says they will only accept solution with password changing task done the way it was used before (so that user was able to change the password after getting access to network).
Any suggestions ?
REGARDS
Robert
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-19-2019 07:51 AM
Thanks Brian,
We'll check the client setting for entering credentials manually.
BTW: Could the SSO option for connecting to network after logon be useful in this case ? Isn't the SSO for wireless only ?
REGARDS
Robert,
We'll check the client setting for entering credentials manually.
BTW: Could the SSO option for connecting to network after logon be useful in this case ? Isn't the SSO for wireless only ?
REGARDS
Robert,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-19-2019 05:35 AM
I don't see how the NAC has anything to do with that, if the client is authenticated the NAC isn't involved in the data that is rx/tx from and to the client.
-Ron
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-18-2019 08:37 PM
What version of NAC are you running? If 7.x +, the user should be prompted for a password change:
https://gtacknowledge.extremenetworks.com/articles/Solution/Using-802-1x-authentication-with-NAC-exp...
https://gtacknowledge.extremenetworks.com/articles/Solution/Using-802-1x-authentication-with-NAC-exp...
