Hi guys,
some months ago our supplier configured the Remote Access VPN to authenticate through a Radius server (Microsoft NPS) -> Azure in order to use the Microsoft Authenticator app on the phone as MFA.
Everything works as expected but when it comes to change the password users don't get any message and field to change it, the error is always "wrong username or password".
Compared to the old Username_Password method, directly managed by the firewall that can write to the DC, now if a password is expired or an admin force the change at the next login, users can't do nothing.
For what I see the supplier configured the radius protocol on the SMS as PAP instead of MS-CHAPv2, which should be the reason why the password change is not allowed, is it right?
I told them about this and after some tests they answered that the Check Point Endpoint Connect client doesn't support the password change when using Radius, but I'm still not convinced.
Can you please confirm if the password change is supported in this configuration?
If yes it would be nice to have a guide or something.
Thanks!