Ciao,
recently I implemented the scenario where Paloalto GlobalProtect (GP) changes the password for the user authenticating in VPN.
The protocol used is the PEAP and the password repository is Active Directory.
The phases during the password change are:
1) CPPM: rlm_mschap: Password must be changed.
2) GP: PopUp asking to change the password
3) CPPM:
Password Change succeeded.
authenticating user "username", domain XXX
rlm_mschap: user "username" authentication failed
4) GP: PopUp asking to change the password again
Result: THE PASSWORD has been changed !!!! And it works !!! but with the ClearPass error.
Any Idea?