OPNsense Forum
English Forums => General Discussion => Topic started by: manf0001 on May 23, 2020, 07:19:05 pm
-
Hello,
I've seen setups of businesses using the Cisco Anyconnect VPN where users can use their AD credentials to connect. But they can even change their password. So if there is a remote user and they have to change their password every 60 days.. when it's getting close to the expiry date, when they connect to the VPN the anyconnect client will prompt them that their password is about to expire and they can change it there, which will then update it in AD.
Is this possible with the vpn option in opnsense? if not how would you recommend users change their password remotely if coming into the office is not possible?
Thanks
-
As far as I know it is read only. You can manage a self service portal behind OPNsense.
-
You can set up a web interface to allow users to change their AD passwords. More info in this post: https://www.reddit.com/r/sysadmin/comments/8qrm3w/web_portal_to_reset_ad_password/
Bart...
-
If you run your own exchange server, users can use the webmail interface to change passwords. They even get prompted to change expired ones.
And then there is an open-source portal you can use.
https://github.com/pwm-project/pwm/ (https://github.com/pwm-project/pwm/)
Works perfect, we use it to allow students to reset their passwords.
-
Thanks for all the replies.