VMware Networking Community
KWKirchner
Enthusiast
Enthusiast
‎07-30-2019 09:41 PM

Can users change expired passwords when authenticating SSL VPN via Active Directory?

We have authentication working for our SSL VPN using our AD servers just fine, but when a users password is expired and NSX asks them to change it, the new password never makes it into their profile.  It looks like it takes the password, but it doesnt work.

Is there some permission that we need to set on our Bind account to have it correctly update the password?  Is the password change only for internal accounts possibly? We have tried to delegate the permissions for password changes to the bind user, but that didnt seem to work (I almost want to say it worked briefly, but I wouldnt swear to it).

The NSX docs are useless for this as far as I have seen.  Any help would be appreciated, even just confirmation that it is possible to update Active Directory passwords through the SSL VPN mechanism.

0 Kudos
1 Reply
Sreejesh_D
Virtuoso
Virtuoso
‎07-31-2019 01:11 AM

the following article has detailed steps on configuring VPN with AD. Please check if it helps.

Configuring NSX SSL VPN-Plus (SKKB1019) | Spas Kaloferov's Blog

We may need to make some changes at NSX config to support AD password change. Like in CISCO ASA Cisco AnyConnect - Allow Domain Password Change via LDAP | PeteNetLive .

its good to open a ticket with VMware Support, if such config needed at NSX side.

0 Kudos