Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

If you have ACS using AD for priv-1, how do you set the ENABLE password?

I am trying to figure this out and not getting anywhere. I want to have acs use windows AD for authentication. Then I want the AD authed user to have priv-1 access. Then type 'enable' to gain enable access to the device if they have the enable password. I want the enable password to be centrally stored on the acs server, so that it is centrally managed for all devices. Where do I do this?

I know you can go to each user individually and configure them for a static enable password, but that is NOT what I am looking for. Any help would be great.

Thanks all - J

Cisco Employee

Re: If you have ACS using AD for priv-1, how do you set the ENAB


Enable password can only be the following three :-

1. User's Login password which is set in ACS

2. A Static password defined for every user

3. The External db password.

We cannot have any "centrally set" enable password for every device.



New Member

Re: If you have ACS using AD for priv-1, how do you set the ENAB

Thanks. Given those options how would I be able to do this for users that are ONLY in the windows AD DB? We have NO user accounts in the internal acs db to statically configure passwords.

Although a user account is dynamically created by acs after someone logs in, but I am not sure how long this is cached and if it is wise to put the enable password in this dynamic account that may dissappear?? Thoughts?



CreatePlease login to create content