- This topic has 0 replies, 1 voice, and was last updated 5 years, 2 months ago by .
Viewing 1 post (of 1 total)
Viewing 1 post (of 1 total)
- You must be logged in to reply to this topic.
Tagged: Active Directory, OpenConnect, Password, Password Expiration, VPN
Greetings,
We recently began testing a possible solution for our off-site users, by issuing them ThinClients, setup using the VPN solution. Things were going great until they began having issues connecting.
The VPN window kept prompting them to enter their password, yet it would never connect.
In doing some troubleshooting, I installed the OpenConnect client on my Windows laptop and found the culprit. The following response from the connection to our Cisco ASA was causing the issue:
—————————————
2019-02-17 12:01:32 | 5fbc | Authentication failed in batch mode, retrying with batch mode disabled
2019-02-17 12:01:09 | 5fbc | Password change required in 13 day(s), if you wish to change now enter a new password with minimum length 2.
2019-02-17 12:01:09 | 5fbc | Leave both boxes blank to continue using current password
2019-02-17 12:01:09 | 5fbc | Password form: new_password
—————————————–
It seems that OpenConnect vomits when it receives this message during the connection handshake. When we checked the box in Active Directory, indicating that the password never expires, the connection once again worked fine.
This is, of course, an issue for us, as it goes against our security policy to allow for the password to never expire. This is indeed an issue with OpenConnect more so than ThinOS, however, I was not able to find anything while searching for issues pertaining to this, with OpenConnect.
Has anyone else had this issue? If so, how is it circumvented?
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |