cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
424
Views
0
Helpful
2
Replies

If you have ACS using AD for priv-1, how do you set the ENABLE password?

jdean1
Level 1
Level 1

I am trying to figure this out and not getting anywhere. I want to have acs use windows AD for authentication. Then I want the AD authed user to have priv-1 access. Then type 'enable' to gain enable access to the device if they have the enable password. I want the enable password to be centrally stored on the acs server, so that it is centrally managed for all devices. Where do I do this?

I know you can go to each user individually and configure them for a static enable password, but that is NOT what I am looking for. Any help would be great.

Thanks all - J

2 Replies 2

Vivek Santuka
Cisco Employee
Cisco Employee

Hi,

Enable password can only be the following three :-

1. User's Login password which is set in ACS

2. A Static password defined for every user

3. The External db password.

We cannot have any "centrally set" enable password for every device.

Regards,

Vivek

Thanks. Given those options how would I be able to do this for users that are ONLY in the windows AD DB? We have NO user accounts in the internal acs db to statically configure passwords.

Although a user account is dynamically created by acs after someone logs in, but I am not sure how long this is cached and if it is wise to put the enable password in this dynamic account that may dissappear?? Thoughts?

Thanks.

-j

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: