notification to users that password will expire

Unanswered Question
Aug 22nd, 2008

Is there a way users can be notified that password from ACS will expire, when password aging rules is activated?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Premdeep Banga Fri, 08/22/2008 - 07:12

Are the users doing telnet/ssh or are doing vpn/dial in/wireless access etc ?

What is the version of ACS ?

Regards,

Prem

disailovic Mon, 08/25/2008 - 03:23

Hi Prem,

ACS version is 4.1

My customer would like to have notification for all users, vpn/dial up/administrators...

Regards,

Dragana

Jagdeep Gambhir Fri, 08/22/2008 - 07:24

I would like to know how user are joining the network ? ( like if users are logging via

telnet or VPN or PPP ) ACS supports four different password aging methods:

.PEAP and EAP-FAST Windows Password Aging-Users must be in the Windows user database and be using a Microsoft client that supports EAP, such as Windows XP. For information on the requirements and configuration of this password aging mechanism, see Enabling Password Aging for Users in Windows Databases.

.RADIUS-based Windows Password Aging-Users must be in the Windows user database and be

using the Windows Dial-up Networking (DUN) client. For information on the requirements and configuration of this password aging mechanism, see Enabling Password Aging for Users in Windows Databases.

.Password Aging for Device-hosted Sessions-Users must be in the CiscoSecure user database, the AAA client must be running TACACS+, and the connection must use Telnet. You can control the ability of users to change passwords during a device-hosted Telnet session. You can also control whether Cisco Secure ACS propagates passwords changed by this feature. For more information, see Local Password Management.

.Password Aging for Transit Sessions-Users must be in the CiscoSecure user database. Users must use a PPP dialup client. Further, the end-user client must have CiscoSecure

Authentication Agent (CAA) installed.

---> please also check:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs

33/user/g.htm#wp479534

Regards,

~JG

Do rate helpful posts

disailovic Mon, 08/25/2008 - 03:33

Hi JG,

my customer is using vpn, ppp dial in access with RADIUS, ssh/telnet with TACACS and local ACS data base. For all groups password aging is already applied.

They asked me if there is some way ACS database can be accessed and used by some custom made applicaton or script, so e-mail notification can be sent to users notifying them that there is X days until password expires.

Regards,

Dragana

Actions

This Discussion