ACS Password

Unanswered Question
Nov 17th, 2008

I have a ACS and UCP installed. UCP is not working currently. Is there any alternative solution for UCP like would the user be able to change his tacacs login password and enable password over the prompt or anything like that?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sadbulali Tue, 11/25/2008 - 09:06

You use the UCP application to enable users to change their ACS passwords with a web-based utility. When users need to change passwords, they can access the UCP web page by using a supported web browser.The UCP web page requires users to log in. The required password is the Password Authentication Protocol (PAP) password for the user account. UCP authenticates the user with ACS and then allows the user to specify a new password. UCP changes the user's PAP and Challenge Handshake Authentication Protocol (CHAP) passwords to the new password.

cisco24x7 Tue, 11/25/2008 - 10:20

Having work with both UCP and ACS last week,

I can only offer this advice:

There are known issues with ACS 4.0, 4.0.1 and

4.1. ACS seems to be very sensitive to the

version of Win2k/Win2k3 and the service Pack of

windows. If you're not careful, your

configuration may not be supported by Cisco.

I tested ACS with UCP version 4.2 on Windows

2003 Enterprise Server with Service Pack 2 and

latest patches and it works fine. Just follow

the instructions in the release note and it

will work.

If you do not want to use UCP, then there is

an option under ACS under system

configuration ---> local password management,

there is a checkbox that will allow you to

change password when you log into a router.

If you enable this option, once you log into

a router/switch, after typing in your name and

the password is prompted, just hit enter

and it will allow you to change your password,

assuming that you know your old password.

If you have both the EXEC and enable password

the same, you can change both of them this way. However, if your exec and enable password is different, then your enable password can not be changed this way.

Hope that makes sense to you.


This Discussion