Active Directory
Arthur Arthur, 2016-02-11 21:51:06

Mikrotik+L2TP+IPSec+AD=change passwords?

There is a working setup: AD + L2TP + IPSec + Mikrotik. Users can bring up the VPN as long as they still have a valid password. Suppose a standard password policy is set, under which the password is changed every 42 days, and access to the infrastructure is only through the VPN. Consider the following scenarios: 1) a user forgot to change the password before leaving for the weekend, and on Sunday the password expires; 2) a remote user who has never been to the office (for example, a freelancer): I created a new account for him and set "require password change at first login" in AD, and of course the VPN does not come up (checked). Perhaps there is some kind of workaround or feature that I haven't found by googling yet? That is, other than creating a temporary user on the Mikrotik to access the infrastructure, purely to change the password.


2 answer(s)
Nikita Sizov, 2016-02-25
@sizaik

The user can change/update the password remotely via Exchange OWA or Remote Desktop Web Access, if available. If not, then alas.
Workarounds: For users who never visit the office, you can make a separate policy without having to change passwords regularly. For users who forget to change their password before the holidays, there are many ways to improve memory. For example, leave without VPN until Monday. :)

Artemass, 2018-02-15
@Artemass

Additionally, you can configure notifications to users about password expiration. This has been the solution to our problem. 10 days before the password expires, the user starts receiving an email every day. It's easier to change your password than to delete this "spam" from your mailbox for 10 days :)
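
The daily reminder described in the answer above, as an added example that is not code from the thread or from any poster. The SMTP relay, sender address and password-change URL are placeholders, and the script assumes it runs once a day as a scheduled task on a host with the ActiveDirectory module installed.

```powershell
# Added example: daily password-expiry reminder for AD users.
# Assumptions (not from the thread): the SMTP relay, sender address and
# password-change URL are placeholders to be replaced with real values.
Import-Module ActiveDirectory

$WarnDays   = 10                               # reminder window named in the answer
$SmtpServer = 'smtp.example.internal'          # placeholder
$From       = 'it-helpdesk@example.internal'   # placeholder
$ChangeUrl  = 'https://owa.example.internal/'  # placeholder: page reachable without the VPN
$Never      = [Int64]::MaxValue                # attribute value meaning "does not expire"

$now = Get-Date

# Enabled accounts whose password can expire. The computed attribute already
# takes fine-grained password policies into account.
$users = Get-ADUser -Filter { Enabled -eq $true -and PasswordNeverExpires -eq $false } `
    -Properties 'msDS-UserPasswordExpiryTimeComputed', mail

foreach ($u in $users) {
    $raw = $u.'msDS-UserPasswordExpiryTimeComputed'

    # 0 = must change at next logon, MaxValue = never expires: no date to compute.
    if (-not $raw -or $raw -eq $Never) { continue }

    # Without a mailbox there is nowhere to send the reminder; surface it instead.
    if (-not $u.mail) { Write-Warning "No mail attribute for $($u.SamAccountName)"; continue }

    $expires  = [DateTime]::FromFileTime($raw)
    $daysLeft = [math]::Floor(($expires - $now).TotalDays)

    # Only accounts inside the warning window get mail; already expired ones are skipped.
    if ($daysLeft -lt 0 -or $daysLeft -gt $WarnDays) { continue }

    $body = @"
Your domain password expires on $($expires.ToString('yyyy-MM-dd HH:mm')) ($daysLeft day(s) left).
VPN logon stops working once it has expired, so change it before then: $ChangeUrl
"@

    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $u.mail `
        -Subject "Password expires in $daysLeft day(s)" -Body $body
}
```

Accounts flagged "must change password at next logon" report an expiry value of 0 and are skipped here, so the freelancer case from the question still needs one of the other approaches in this thread.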
