08-22-2008 05:53 AM - edited 03-10-2019 04:03 PM
Is there a way users can be notified that password from ACS will expire, when password aging rules is activated?
08-22-2008 07:12 AM
Are the users doing telnet/ssh or are doing vpn/dial in/wireless access etc ?
What is the version of ACS ?
Regards,
Prem
08-25-2008 03:23 AM
Hi Prem,
ACS version is 4.1
My customer would like to have notification for all users, vpn/dial up/administrators...
Regards,
Dragana
08-22-2008 07:24 AM
I would like to know how user are joining the network ? ( like if users are logging via
telnet or VPN or PPP ) ACS supports four different password aging methods:
.PEAP and EAP-FAST Windows Password Aging-Users must be in the Windows user database and be using a Microsoft client that supports EAP, such as Windows XP. For information on the requirements and configuration of this password aging mechanism, see Enabling Password Aging for Users in Windows Databases.
.RADIUS-based Windows Password Aging-Users must be in the Windows user database and be
using the Windows Dial-up Networking (DUN) client. For information on the requirements and configuration of this password aging mechanism, see Enabling Password Aging for Users in Windows Databases.
.Password Aging for Device-hosted Sessions-Users must be in the CiscoSecure user database, the AAA client must be running TACACS+, and the connection must use Telnet. You can control the ability of users to change passwords during a device-hosted Telnet session. You can also control whether Cisco Secure ACS propagates passwords changed by this feature. For more information, see Local Password Management.
.Password Aging for Transit Sessions-Users must be in the CiscoSecure user database. Users must use a PPP dialup client. Further, the end-user client must have CiscoSecure
Authentication Agent (CAA) installed.
---> please also check:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs
33/user/g.htm#wp479534
Regards,
~JG
Do rate helpful posts
08-25-2008 03:33 AM
Hi JG,
my customer is using vpn, ppp dial in access with RADIUS, ssh/telnet with TACACS and local ACS data base. For all groups password aging is already applied.
They asked me if there is some way ACS database can be accessed and used by some custom made applicaton or script, so e-mail notification can be sent to users notifying them that there is X days until password expires.
Regards,
Dragana
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: