change user passwords over VPN

Started by manf0001, May 23, 2020, 07:19:05 PM

Hello,

I've seen setups of businesses using the Cisco AnyConnect VPN where users can use their AD credentials to connect. But they can even change their password. So if there is a remote user and they have to change their password every 60 days, when it's getting close to the expiry date, when they connect to the VPN the AnyConnect client will prompt them that their password is about to expire and they can change it there, which will then update it in AD.

Is this possible with the VPN option in OPNsense? If not, how would you recommend users change their password remotely if coming into the office is not possible?

Thanks

As far as I know it is read only. You can manage a self service portal behind OPNsense.

You can set up a web interface to allow users to change their AD passwords. More info in this post: https://www.reddit.com/r/sysadmin/comments/8qrm3w/web_portal_to_reset_ad_password/

Bart...

If you run your own Exchange server, users can use the webmail interface to change passwords. They even get prompted to change expired ones.
And then there is an open-source portal you can use.

https://github.com/pwm-project/pwm/

Works perfectly; we use it to allow students to reset their passwords.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR