Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

notification to users that password will expire

Is there a way users can be notified that password from ACS will expire, when password aging rules is activated?

4 REPLIES

Re: notification to users that password will expire

Are the users doing telnet/ssh or are doing vpn/dial in/wireless access etc ?

What is the version of ACS ?

Regards,

Prem

New Member

Re: notification to users that password will expire

Hi Prem,

ACS version is 4.1

My customer would like to have notification for all users, vpn/dial up/administrators...

Regards,

Dragana

Re: notification to users that password will expire

I would like to know how user are joining the network ? ( like if users are logging via

telnet or VPN or PPP ) ACS supports four different password aging methods:

.PEAP and EAP-FAST Windows Password Aging-Users must be in the Windows user database and be using a Microsoft client that supports EAP, such as Windows XP. For information on the requirements and configuration of this password aging mechanism, see Enabling Password Aging for Users in Windows Databases.

.RADIUS-based Windows Password Aging-Users must be in the Windows user database and be

using the Windows Dial-up Networking (DUN) client. For information on the requirements and configuration of this password aging mechanism, see Enabling Password Aging for Users in Windows Databases.

.Password Aging for Device-hosted Sessions-Users must be in the CiscoSecure user database, the AAA client must be running TACACS+, and the connection must use Telnet. You can control the ability of users to change passwords during a device-hosted Telnet session. You can also control whether Cisco Secure ACS propagates passwords changed by this feature. For more information, see Local Password Management.

.Password Aging for Transit Sessions-Users must be in the CiscoSecure user database. Users must use a PPP dialup client. Further, the end-user client must have CiscoSecure

Authentication Agent (CAA) installed.

---> please also check:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs

33/user/g.htm#wp479534

Regards,

~JG

Do rate helpful posts

New Member

Re: notification to users that password will expire

Hi JG,

my customer is using vpn, ppp dial in access with RADIUS, ssh/telnet with TACACS and local ACS data base. For all groups password aging is already applied.

They asked me if there is some way ACS database can be accessed and used by some custom made applicaton or script, so e-mail notification can be sent to users notifying them that there is X days until password expires.

Regards,

Dragana

229
Views
0
Helpful
4
Replies