Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Password Aging for Win NT

I have some apparently conflicting requirements that I would like to confirm with the more experienced ACS folks:

1. All users will authenticate via the external Win NT database

2. The users are in two classes:

- dial up users

- LAN users

3. Password aging will be enabled in the Windows domain

4. I want to create a user group with command permissions (ie a monitor group that cannot change a config but can reload the box)

5. I want to have the admin people log in at a non-enabled level and enter a different password to reach the enable mode.

As far as I can tell requirement 3 can only be done with RADIUS and 4 and 5 require TACACS+

3 REPLIES
Silver

Re: Password Aging for Win NT

Hi,

Yes, your are correct ! Requirement 1 & 2 can be fullfilled by both tacacs+ or radius.

Requirement 3 requires radius. Here is the link :

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102176.html#81785

And of course, 4 & 5 require tacacs+.

Thanks,

Mynul

New Member

Re: Password Aging for Win NT

I have created separate AAA clients within ACS for each NAS: one supports TACACS and one supports RADIUS so that I can authenticate the PPP connections with RADIUS and the admin logins to the NAS with TACACS. So far this seems to be working well.

Silver

Re: Password Aging for Win NT

Great ! Thanks,

Mynul

129
Views
0
Helpful
3
Replies
CreatePlease to create content