Security

Reply
Occasional Contributor II
Posts: 11
Registered: ‎05-14-2014

Clearpass timeout when AD is prompting for a password change?

Anyone come across this? We have users at remote sites logging into IAP225. The new users that have not logged into the domain before have a temp password. In AD we have it set to prompt for change of password as soon as they login with the temp.

This part happens to the user and while they take 2 minutes to figure out what password they want to use, they enter it, and then they get a no logon servers available. 

 

In clearpass it shows this under alerts for their login attempt. This is the first time i have seen this as well:

 

MSCHAP: AD status: Password-Change: No Password-Change-Error: Password restriction .

MSCHAP: AD status: Password-Change: No Password-Change-Error: Password restriction .

MSCHAP: AD status: Password-Change: No Password-Change-Error: Password restriction .MSCHAPL Password change failed

EAP-MSCHAPv2: User authentication failure

 

 

 

Is there some timeout window with clearpass and if so where would this setting be located?

 

MVP
Posts: 286
Registered: ‎11-04-2008

Re: Clearpass timeout when AD is prompting for a password change?

in my CPPM 6.2, the default domain server time out is 10 seconds:

Capture.PNG

~Trinh Nguyen~
Boys Town
Guru Elite
Posts: 7,839
Registered: ‎09-08-2010

Re: Clearpass timeout when AD is prompting for a password change?

You'll see the same behavior if the user doesn't accept the certificate immediately. I don't think there is a solution for that. The EAP process is time sensitive.

Are you doing machine authentication while the device is at the login screen? This is the best way to handle new users logging in.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: