OPNsense Forum

English Forums => General Discussion => Topic started by: manf0001 on May 23, 2020, 07:19:05 pm

Title: change user passwords over VPN
Post by: manf0001 on May 23, 2020, 07:19:05 pm
Hello,

I've seen setups of businesses using the Cisco AnyConnect VPN where users can use their AD credentials to connect. But they can even change their password. So if there is a remote user and they have to change their password every 60 days, when it's getting close to the expiry date and they connect to the VPN, the AnyConnect client will prompt them that their password is about to expire and they can change it there, which will then update it in AD.

Is this possible with the VPN option in OPNsense? If not, how would you recommend users change their password remotely if coming into the office is not possible?

Thanks
Title: Re: change user passwords over VPN
Post by: fabian on May 24, 2020, 07:27:48 am
As far as I know, it is read-only. You can manage a self-service portal behind OPNsense.
Title: Re: change user passwords over VPN
Post by: bartjsmit on May 24, 2020, 09:26:30 am
You can set up a web interface to allow users to change their AD passwords. More info in this post: https://www.reddit.com/r/sysadmin/comments/8qrm3w/web_portal_to_reset_ad_password/

Bart...
Title: Re: change user passwords over VPN
Post by: hbc on May 24, 2020, 10:29:40 am
If you run your own Exchange server, users can use the webmail interface to change passwords. They even get prompted to change expired ones.
And then there is an open-source portal you can use.

https://github.com/pwm-project/pwm/

Works perfectly, we use it to allow students to reset their passwords.
Title: Re: change user passwords over VPN
Post by: manf0001 on May 26, 2020, 09:33:42 pm
Thanks for all the replies.