Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Luca_ANS
New Contributor

VPN password expired in AD

Hello everyone,

 

A client is working with a VPN that is synchronized with their AD. Passwords have a lifespan of 30 days and users receive warnings to change it.

But they don't always want to change it despite the warnings.

So when they are home working, they can no longer connect to the VPN because the password has expired and they can no longer change it.

Do you know how I will be able to solve this?

 

Best regards, Luca

 
2 REPLIES 2
Andregyn
New Contributor II

Hey,

In this case, you must have the VPN users created on Fortigate and not use the LDAP for authentication.

 You can create the users with the same user name from AD but setting a password, and use this user or group of users in the VPN configuration.

As far as I know, this is the only way to do this because if you use LDAP authentication the password will obey the AD password rule.

Is the same case when we need to add to factor authentication for a VPN using LDAP for authentication, we need to create the user in FortiGate to be able to config his email address.

 

boneyard
Valued Contributor

Luca ANS wrote:

Do you know how I will be able to solve this?

 

Questions like this always read like a child doesn't listen to a warning, hurts themselves and then cries why does this happen ...

 

The password change policy is there for a reason. If people don't follow it the results are their own in my opinion.

 

Possible technical solutions are calling the helpdesk, or a portal which is available from the internet to allow a password reset, with some form of two factor.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors