Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Q: Error Configuring Password Policy in CLI

Hi Guys,

 

Good Day!

 

I need help to disable some settings in the password policy via CLI. I always got the error message below when I tried it even though I don't have any secondary node. I'm just using one ISE 1.2 standalone.

Error Message:

% Error: Configuration changes ignored. Password policy is replicated from ISE administration node.  Please set CLI password policy using the ISE web UI on the primary administration node.

The main issue is that my GUI password always expired whenever I did not access it for a long time (approximately a month) so I tried to disabled the settings via GUI however, it is still the same. 

Thanks for the help!

 

Cheers,

 

Nikko

Everyone's tags (1)
5 REPLIES
Cisco Employee

In the GUI go to

In the GUI go to "Administration > Admin Access > Authentication > Password Policy Tab" There you can adjust all of the password settings that you are referring to. 

 

Thank you for rating helpful posts! 

Thank you for rating helpful posts!
New Member

Hi Neno,Good Day!Thanks for

Hi Neno,

Good Day!

Thanks for the reply however, I already adjusted it but the GUI credentials always expires when I don't logged-in for a long time.

Thanks for the help in advance.

niks

New Member

The only option you have is

The only option you have is to remove the administrator passwords expire option from the GUI, or you can increase to the maximum limit which is 3650 days.

Once you un-check the box from the settings, then also it will be removed from the CLI configuration.

Cisco Employee

What patch are you running on

What patch are you running on your deployment? Also:

1. Make sure your node is set to "standalone"

2. You don't see any other nodes in the deployment window

 

Thank you for rating helpful posts! 

Thank you for rating helpful posts!
New Member

In version 1.2.1, you cannot

In version 1.2.1, you cannot change the CLI password expiry from the CLI. It has to be done from the Admin GUI.

Administration -> System -> Admin Access -> Authentication -> Password Policy

Then disable /untick Suspend or Lock Account with Incorrect Login Attempts

After that you can confirm the settings via show run command in CLI.

If you have multiple ISE servers, this will apply to all of the at once.

- See more at: https://supportforums.cisco.com/discussion/11686231/how-disable-ise-cli-password-expiration#sthash.RGQLAPNj.dpuf

269
Views
0
Helpful
5
Replies
CreatePlease login to create content