krajaa
Staff
September 10, 2019

Technical Tip: Cannot Restrict SSL VPN users (Local) to change password at the time of expiry.

Description
This article describes a scenario in which a password policy has been configured for local users and applied to SSL VPN.
Once the password expires, the user cannot establish the VPN connection and is forced to renew the password in order to connect.
Once the user has renewed the password, the user will be able to log in to the VPN. It is not possible to restrict local users from changing the password at the time of expiry.


Solution
Workaround:

Use LDAP users instead of local users.

In the LDAP configuration, there is an option to restrict password renewal, set with the following commands.
# config user ldap
# edit "ldap_server_name"
# set password-renewal disable
# end
(By default, it is disabled.)

However, this will apply to all LDAP users mapped to SSL VPN.
It cannot be applied to individual LDAP users. To restrict an individual user, apply the restriction directly on the LDAP server, under that user's settings.
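
To check which LDAP server entries in a configuration backup still allow password renewal, the following added example (not from the original article or from Fortinet) parses the "config user ldap" section. The sample configuration, server names and function names are constructed for illustration, and an entry without a "set password-renewal" line is assumed to carry the default stated above (disabled).

```python
import re

# Constructed sample of a configuration backup excerpt (not from the article).
SAMPLE_CONFIG = '''\
config user ldap
    edit "ldap_hq"
        set server "192.0.2.10"
        set password-renewal enable
    next
    edit "ldap_branch"
        set server "192.0.2.20"
    next
end
config user local
    edit "alice"
    next
end
'''

def ldap_password_renewal(config_text):
    """Map each LDAP server entry name to 'enable' or 'disable'."""
    result, in_ldap, depth, current = {}, False, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_ldap:
            if line == "config user ldap":
                in_ldap, depth = True, 1
            continue                      # ignore every other section
        if line.startswith("config "):
            depth += 1                    # nested table inside an entry
        elif line == "end":
            depth -= 1
            in_ldap = depth > 0           # leaving "config user ldap"
        elif depth == 1 and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            result[current] = "disable"   # assumed default when line absent
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and current:
            m = re.fullmatch(r"set password-renewal (enable|disable)", line)
            if m:
                result[current] = m.group(1)
    return result

def servers_allowing_renewal(config_text):
    """Names of LDAP entries whose users can renew an expired password."""
    states = ldap_password_renewal(config_text)
    return sorted(name for name, state in states.items() if state == "enable")

if __name__ == "__main__":
    print(servers_allowing_renewal(SAMPLE_CONFIG))
```

Because the setting is per LDAP server entry, every SSL VPN user authenticated through a listed entry can renew an expired password.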