Force change password SSL VPN users

aveloz · ‎07-24-2016

Hello,

Theres any way to force SSL VPN users to change their password?

I found this cookbook: http://cookbook.fortinet.com/ssl-vpn-users-passwords-expire-54/ but its to force change the password every x days...I want to force the change on initial login...

Thanks

MikePruett · ‎07-24-2016

Have you ever considered throwing a FortiAuthenticator in line? You can get creative with the RADIUS server function etc when you do this.

Mike Pruett

Fortinet GURU | Fortinet Training Videos

Jeff_FTNT · ‎07-26-2016

Use Windows AD as LDAP server , it also support.

## it need go over LDAPS for Windows AD

Config user ldap/edit xxx

set secure ldaps

set password-renewal enable

end

zeki893 · ‎11-01-2017

Thanks confirmed this worked for me.

See screenshot :)

deny_all · ‎12-07-2017

Jeff_FTNT wrote:
Use Windows AD as LDAP server , it also support.
## it need go over LDAPS for Windows AD
Config user ldap/edit xxx
set secure ldaps
set password-renewal enable
end

Does LDAPS require installing Certificate Services on the domain controller and importing the certificate into the FortiGate? We have other devices using LDAPS and certificates were not required.