I have remote access configured between a PIX running IOS 7.2(1) and Cisco VPN clients running 4.8. I'm currently authenticating using RADIUS from IAS running on a Windows 2003 Server. This server is configured as a stand-alone workgroup server and all users are maintained on it.
How do I enable changes to the Windows password when a user's password has expired or they first get their account and are required to change the password at first login? All my users are remote and never local so the VPN is their only access. I know this is possible using the Concentrator but the PIX and ASA's should have evolved to the point to accomodate this.
Also, my current RADIUS exchange takes place using PAP, which is unencrypted. How can I change this to MS-CHAP v2? Thanks!