If you have ACS using AD for priv-1, how do you set the ENABLE password?

Unanswered Question
Jan 31st, 2007

I am trying to figure this out and not getting anywhere. I want to have acs use windows AD for authentication. Then I want the AD authed user to have priv-1 access. Then type 'enable' to gain enable access to the device if they have the enable password. I want the enable password to be centrally stored on the acs server, so that it is centrally managed for all devices. Where do I do this?

I know you can go to each user individually and configure them for a static enable password, but that is NOT what I am looking for. Any help would be great.

Thanks all - J

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Vivek Santuka Wed, 01/31/2007 - 14:56


Enable password can only be the following three :-

1. User's Login password which is set in ACS

2. A Static password defined for every user

3. The External db password.

We cannot have any "centrally set" enable password for every device.



jdean1 Wed, 01/31/2007 - 16:02

Thanks. Given those options how would I be able to do this for users that are ONLY in the windows AD DB? We have NO user accounts in the internal acs db to statically configure passwords.

Although a user account is dynamically created by acs after someone logs in, but I am not sure how long this is cached and if it is wise to put the enable password in this dynamic account that may dissappear?? Thoughts?




This Discussion