ACS - Console access request for password reset ??

Oct 10th, 2007

G'day All

Hope someone can answer this question for me.

I am auth'ing a number of 6500 + 4500 switches to a pair of ACS appliances. If I telnet or ssh to the switches, all is good and I never get a password request, but if I log in via console it almost always wants me to reset my account password?

As I have 2 accounts I can use, if I alternate between both of them it will eventually let me in without resetting any passwords.

Why is this? And why does it only affect console access?

Below is my config:

aaa group server tacacs+ AAA-TAC
 server 10.5.x.x
 server 10.5.x.x

aaa authentication login default group AAA-TAC local-case
aaa authentication enable default group AAA-TAC enable
aaa authorization exec default group AAA-TAC if-authenticated
aaa accounting commands 15 default start-stop group AAA-TAC

Any suggestions would be great, as it is really bugging me.


Premdeep Banga Sat, 10/13/2007 - 10:06

I think it's just a coincidence that you are only getting the password change prompt when you are accessing the device from the console.

Check the ACS server, check the group/user settings, whether you have any password aging policy applied or not. That should give you some direction. Other than that, there is no such thing as password change when the connection is initiated from the console.



