[vpn-help] RADIUS with Expiry Support

[Michael-Curran (Canberra)]

Thanks very much for your response.  Looks like the ShreSoft client doesn't quite meet my needs, which is a shame.  It's a really nice piece of work.

Keep up the good work!

Regards,

Michael

-----Original Message-----
From: Matthew Grooms [mailto:mgrooms at shrew.net] 
Sent: Tuesday, 9 February 2010 5:28 PM
To: Michael-Curran (Canberra)
Cc: vpn-help at lists.shrew.net
Subject: Re: [vpn-help] RADIUS with Expiry Support

On 1/31/2010 4:32 PM, Michael-Curran (Canberra) wrote:
> Dear vpn-help community,
> I'm currently assessing the ShrewSoft VPN client as a replacement for
> the Cisco IPSec VPN client on 64-bit Windows. I'm connecting to a Cisco
> VPN 3000 concentrator from a Windows 7 x64 host. In our current
> configuration we're using extended authentication (PSK + XAuth) with
> RADIUS validating the "Xauth" part.
> I can connect and authenticate fine with this configuration using the
> ShrewSoft client, however my problem arises when the users' password
> expires. Using the Cisco or NCP clients I get challenged to change my
> expired password as part of the XAuth process. Using the ShrewSoft
> client I simply get an authentication failure, and the server tells me
> that the password change attempt was deferred.
> Does anyone know if it is possible for the ShrewSoft client to perform
> an interactive password change for an expired password when using PSK +
> XAuth?

Michael,

The Shrew Soft client doesn't support this at the moment. The Xauth user 
input occurs before the client connects and there is currently no 
mechanism to request further input. We plan to fix this in a future release.

-Matthew