67-31
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter67 Configuring Connection Profiles, Group Policies, and Users
Configuring Connection Profiles
Figure67-3 Active Directory—Maximum Password Age
Note The radius-with-expiry command, formerly configured as part of tunnel-group remote-access
configuration to perform the password age function, is deprecated. The password-management
command, entered in tunnel-group general-attributes mode, replaces it.
Using Active Directory to Override an Account Disabled AAA Indicator
To override an account-disabled indication from a AAA server, specify the override-account-disable
command in tunnel-group general-attributes configuration mode on theASA and do the following steps
under Active Directory:
Note Allowing override account-disabled is a potential security risk.
Step1 Select Start > Programs > Administrative Tools> Active Directory Users and Computers.
Step2 Right-click Username > Properties> Account and select Disable Account from the menu.