AD expired password


Maybe someone can help me. I'm using PI to provide a 2FA solution for my GlobalProtect VPN users. My firewall is connected to privacyIDEA via the RADIUS protocol, and privacyIDEA is connected to my Active Directory server via LDAP.
On my AD there is an expiration date for users' passwords. So when a user tries to connect to the VPN with an expired password, of course, it is not allowed.

Do you know if there is a chance to have a prompt asking the user to enter the old password and set the new one during the authentication process?

I guess I have some configuration to do on PI but also on my FW. But if you have an idea of where to look, that would be great.

Thanks a lot

Hello Xque,

privacyIDEA itself is not able to reset AD passwords.