I'm moving our ACS from 4.2.1 to 5.5 and I'm not having problems with most of it. In fact, I like most of the changes in ACS 5.5. One thing I'm stumped on (for now).
In ACS 4.2.x, we can create a user, have that user authenticate with AD, LDAP, internal, whatever. We can do that in 5.5 as well. The difference is that on ACS 5.5, if the user is configured to authenticate with other than an internally configured password, the "enable password" boxes are greyed out. Seems the system forces the user to use the same password for the enable password on a switch/router/whatever.
Is there a way in ACS 5.5 to manually enter a unique enable password for a user, yet allow that user to authenticate via an external source? As in ACS 4.2? It could be I just haven't found the workaround yet.
Thanks for the response, but I'm afraid I don't quite understand your solution. I think some of the grammar in the response is tripping me up.
The user's ACS enable password is disabled for entry if the user is configured to authenticate with an external source, so where exactly is the enable password defined on ACS? The screenshot and explanation in the solution don't make that at all clear to me.
The user should be present in both the databases (ACS internal and Active directory). You need to select the internal database while creating a user. The login password could be anything because it's not gonna check.
User login: XXXX
Password: XXXX -----> This password will be checked against the external identity store like AD.
password: XXXX ----> This password will be checked against ACS internal database.
In those screen shots you will see an option to select the identity source.