OpenVPN Active Directory expired password



  • Hi there!
    I am fairly new to both pfSense and OpenVPN.  I've successfully set up my firewall and VPN, and it is working.  (lots of good docs out there!)
    I keep getting bit when an Active Directory password expires. OpenVPN fails to authenticate, but doesn't/can't report that the password is expired.  This is a problem for users who use Windows Remote Desktop across the VPN, but at least they've been alerted that their password will be expiring, and they can take steps before it does.  But for users who access the VPN for file sharing, it's a serious pain.  They really don't have an interface for knowing their password is getting old, or for changing it.  I'm trying to find the most appropriate way to manage this.

    For right now, I've set "Password never expires" on my Windows Server.  Not something I'd like to leave.  It means that I have to trust my users to change their password periodically on their own.

    What is best practice for this? 
    Is there some utility that can alert the user that their password will be expiring and let them change it on the remote server without logging into Remote Desktop on that network?

    Ideally, my local domain and the remote domain could sync passwords.  But I've always been intimidated by the process of setting up trusts like that.

    Thanks for any suggestions!
    Pete