Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

13041 TACACS+ authentication request switches from Login to Change Password functionality.

Hi Team,

I am not able to change password on ACS clients in next log on.

on ACS 5.1 getting below message.

13041 TACACS+ authentication request switches from Login to Change Password functionality.

Even i selected "Changed Password on Next Login"

ACS Logs given..

Status:
Failed
Failure Reason:
13041 TACACS+ authentication request switches from Login to Change Password functionality.
Logged At:
Sep 13, 2010 9:48 AM
ACS Time:
Sep 13, 2010 9:48 AM
ACS Instance:

ACS-PRI

Authentication Result
Type=Authentication
Authen-Reply-Status=Fail
Server-Msg=As per GSD setting telnet not used for TML CEP devices.

Steps
Received TACACS+ Authentication START Request
Evaluating Service Selection Policy
Matched rule
Selected Access Service - Default Device Admin
Evaluating Identity Policy
Matched Default Rule
Selected Identity Store -
Current Identity Store does not support the authentication method; Skipping it.
TACACS+ will use the password prompt from global TACACS+ configuration.
Returned TACACS+ Authentication Reply
Received TACACS+ Authentication CONTINUE Request
Using previously selected Access Service
TACACS+ authentication request switches from Login to Change Password functionality.
TACACS+ ASCII change password request.
Returned TACACS+ Authentication Reply

Regards

Milind Rane

1 REPLY
New Member

Re: 13041 TACACS+ authentication request switches from Login to

Hi ,

Are you using  ACS5.0 is yes then there is feature limitation on that code, this feature is supported in ACS 5.1

Here is the feature request : CSCtc31598

Symptom:

The "user must change password on next login" feature for TACACS+ authentication for users defined in the local ACS store does not work.

If set, users will fail to login

Workaround:

none


Thanks
Waris Hussain.
1413
Views
0
Helpful
1
Replies
CreatePlease login to create content