Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

If you have ACS using AD for priv-1, how do you set the ENABLE password?

I am trying to figure this out and not getting anywhere. I want to have acs use windows AD for authentication. Then I want the AD authed user to have priv-1 access. Then type 'enable' to gain enable access to the device if they have the enable password. I want the enable password to be centrally stored on the acs server, so that it is centrally managed for all devices. Where do I do this?

I know you can go to each user individually and configure them for a static enable password, but that is NOT what I am looking for. Any help would be great.

Thanks all - J

2 REPLIES
Cisco Employee

Re: If you have ACS using AD for priv-1, how do you set the ENAB

Hi,

Enable password can only be the following three :-

1. User's Login password which is set in ACS

2. A Static password defined for every user

3. The External db password.

We cannot have any "centrally set" enable password for every device.

Regards,

Vivek

New Member

Re: If you have ACS using AD for priv-1, how do you set the ENAB

Thanks. Given those options how would I be able to do this for users that are ONLY in the windows AD DB? We have NO user accounts in the internal acs db to statically configure passwords.

Although a user account is dynamically created by acs after someone logs in, but I am not sure how long this is cached and if it is wise to put the enable password in this dynamic account that may dissappear?? Thoughts?

Thanks.

-j

122
Views
0
Helpful
2
Replies
CreatePlease login to create content