RDG with BigIP APM and AD account password change
I implemented successfully Remote Desktop Gateway with APM. But I'm facing a problem with the NTLM authentification, when a user account need to change his password (password expired). Is there anyone who has a solution for this problem? Maybe with an iRule?
Log from my APM when this problem append: Dec 15 11:07:02 mybigip warning eca[4887]: 01620002:4: [Common] 10.10.10.10:54646 Authentication with configuration (/Common/NTLM-Auth-Conf-acces-ts-ced-RDG) result: testusr@testdomain (MYPC): Fail (STATUS_PASSWORD_MUST_CHANGE)
I'm able to trap the return code from an iRule with "When ECA_REQUEST_ALLOWED {}" but I don't know what to do after.
I would like to let the user access the backend RDP server when the user need to change his password (ECA::status = STATUS_PASSWORD_MUST_CHANGE) but block it when a wrong password is used. Any idea?