How to Disable fields after AD Password expired

Question

Hi everyone.We have a F5 v17.1.0.3 with APM Profile configured in standard mode customization configuration.&nbsp;We would like to disable the fields "New Password" and "Verify Password" after the AD responds with message "Password Expired". The AAA error message we modified without problems, editing the AAA error message custom.Its possible to disable these fields "New Password" and Verify Password?&nbsp;Regards.

injeyan_kostas · Answer

If I understand well, you do not want to give user the option to create new password when previous one is expired.

This is actually a default behavior of AD Auth

One option is to use AD Query before AD Auth and add this "Expression: expr {[mcget {session.ad.last.queryresult}] == 0 && [ string tolower [mcget {session.ad.last.errmsg}]] contains [ string tolower "Password has expired"]}" as a branch with a custom deny ending.

Second option is to use LDAP Auth instead AD Auth.

secops_ax-sp · Answer

Thanks Injeyan.&nbsp;Finally we used the LDAP Auth option.This involved changing the config in the Auth policy but it worked fine. 🙂&nbsp;Regards.&nbsp;

Forum Discussion

How to Disable fields after AD Password expired

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

AD password expired

Password Safety & Security: Passwords vs. Passphrases

LTM Certificate expire

Automate scp transfers using password

Expired ssl warning

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS