13041 TACACS+ authentication request switches from Login to Change Password functionality.

Unanswered Question
Sep 12th, 2010
User Badges:

Hi Team,


I am not able to change password on ACS clients in next log on.


on ACS 5.1 getting below message.

13041 TACACS+ authentication request switches from Login to Change Password functionality.



Even i selected "Changed Password on Next Login"



ACS Logs given..



Status:
Failed
Failure Reason:
13041 TACACS+ authentication request switches from Login to Change Password functionality.
Logged At:
Sep 13, 2010 9:48 AM
ACS Time:
Sep 13, 2010 9:48 AM
ACS Instance:

ACS-PRI



Authentication Result
Type=Authentication
Authen-Reply-Status=Fail
Server-Msg=As per GSD setting telnet not used for TML CEP devices.



Steps
Received TACACS+ Authentication START Request
Evaluating Service Selection Policy
Matched rule
Selected Access Service - Default Device Admin
Evaluating Identity Policy
Matched Default Rule
Selected Identity Store -
Current Identity Store does not support the authentication method; Skipping it.
TACACS+ will use the password prompt from global TACACS+ configuration.
Returned TACACS+ Authentication Reply
Received TACACS+ Authentication CONTINUE Request
Using previously selected Access Service
TACACS+ authentication request switches from Login to Change Password functionality.
TACACS+ ASCII change password request.
Returned TACACS+ Authentication Reply



Regards

Milind Rane

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Waris Hussain Mon, 09/13/2010 - 11:43
User Badges:

Hi ,

Are you using  ACS5.0 is yes then there is feature limitation on that code, this feature is supported in ACS 5.1

Here is the feature request : CSCtc31598


Symptom:

The "user must change password on next login" feature for TACACS+ authentication for users defined in the local ACS store does not work.

If set, users will fail to login

Workaround:

none


Thanks
Waris Hussain.

Actions

This Discussion