Currently, I have a Cisco ACS-126.96.36.199.5 on a Windows Server 2003 SP2, with a Cisco switch (3750 - TACACS).
I have mapped an Active Directory Group to an ACS Group.
I'm connecting on the 3750 with my AD login/pwd. It's working. Perfect.
I change my AD password. I try to connect on a server (to test if my password is replicated) and yes my password is replicated.
Now, I try to connect on the 3750. My new password works… but the OLD too.
OLD and NEW password work with my login.
What have I missed in the configuration? I have no local user in the Cisco ACS Local Database.
According to the Windows Team, the login that I use is in a group which is replicated instantly everywhere… and yes, because the new password works… but why is the OLD one working…? I try my OLD password on the previous server (or another server or a web portal to which this group is linked), and it doesn't work.
But for all devices (TACACS & RADIUS) in the Cisco ACS, the OLD password works.
I have a scenario for you in active directory when two passwords may be valid:
Old passwords can also work on domain controllers that have not received replication yet from either the domain controller the password was changed on, or the PDC emulator in the domain.
Let's take a scenario where we have a 3 site, 3 domain controller (DC) active directory: Site1 with DC1, site2 with DC2 and site3 with DC3.
The ACS application resides in Site3 and is configured to use DC3 for authentication. We have a user "user1" with a password of "123".
User1 decides to call the helpdesk and changes his password to "456".
The helpdesk uses DC1 to make password changes because they are located in site1. For a period of time (based on replication, which defaults to 3 hours between sites) the 123 password and the 456 password will be
If the user1 user tries the "123" password it will work until DC3 receives the changed password from normal replication. If user1 tries to use 456, DC3 will flag this as a wrong password, and then check the PDC emulator of the domain to see if it has received a newer password. The PDC emulator will validate the login, and then trigger an immediate replication with DC3.
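The three-DC scenario from the reply above, as a small state model. This is an added illustration, not part of either post and not Cisco or Microsoft code. The class, the version counter and the choice of DC2 as PDC emulator are assumptions made for the example.

```python
class DomainController:
    """Constructed toy model of one DC's view of user passwords."""

    def __init__(self, name, pdc=None):
        self.name = name
        self.pdc = pdc          # None means this DC is the PDC emulator
        self.passwords = {}     # user -> (version, password)

    def apply(self, user, version, password):
        # Replication: the higher version wins.
        if version > self.passwords.get(user, (0, None))[0]:
            self.passwords[user] = (version, password)

    def change_password(self, user, password):
        version = self.passwords[user][0] + 1
        self.apply(user, version, password)
        # A password change is pushed to the PDC emulator right away.
        (self.pdc or self).apply(user, version, password)

    def authenticate(self, user, password):
        if self.passwords[user][1] == password:
            return "local"
        # Local mismatch: ask the PDC emulator before rejecting.
        if self.pdc and self.pdc.passwords[user][1] == password:
            # The PDC validated it, so pull the newer password now.
            self.apply(user, *self.pdc.passwords[user])
            return "pdc-fallback"
        return "denied"


def run_scenario(try_new_on_dc3):
    """Return (results seen through DC3, result of old password on DC1)."""
    dc2 = DomainController("DC2")              # assumed PDC emulator
    dc1 = DomainController("DC1", pdc=dc2)     # helpdesk site
    dc3 = DomainController("DC3", pdc=dc2)     # the DC that ACS queries
    for dc in (dc1, dc2, dc3):
        dc.apply("user1", 1, "123")
    dc1.change_password("user1", "456")        # DC3 has not replicated yet
    seen = [dc3.authenticate("user1", "123")]  # old password, stale DC3
    if try_new_on_dc3:
        seen.append(dc3.authenticate("user1", "456"))
    seen.append(dc3.authenticate("user1", "123"))
    return seen, dc1.authenticate("user1", "123")


if __name__ == "__main__":
    print(run_scenario(True))
    print(run_scenario(False))
```

In this model the old password keeps working through DC3 until either scheduled replication arrives or the new password is tried once against DC3, while the DC that took the change rejects the old password immediately.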