Cisco Support Community

Question about TACACS using Windows Active Directory

Hi,

We use TACACS on a Cisco ACS box to authenticate logins and authorize commands for our infrastructure devices. When users log into a router/switch, they are authenticated against the infrastructure team's Windows Active Directory domain usernames and passwords, which is an option within ACS. Windows Active Directory has passwords expire after a certain period of time for security purposes. However, you will not realize that your password has expired until you log into a Windows-based device on the domain. If someone only logs into routers and switches, they only receive an authentication failure message and nothing about their Windows password needing to be reset or changed when it has expired. Is there some feature or some command that can be put in place to allow Windows password expirations to be relayed via TACACS to a Cisco device so the user is aware? Taking it one step further, is there a way to reset/change the password on the Cisco device itself?

TIA,

Sundar

2 REPLIES

Re: Question about TACACS using Windows Active Directory

Hi

Lost count of how many customers asked for this one!

Unfortunately the CHPASS T+ request is only supported by the ACS internal database - and not external ones :(

This could (and should) be addressed. I can only advise you to speak to ACS marketing.

Darran

Re: Question about TACACS using Windows Active Directory

Darran,

I was able to find the information on CCO myself earlier.

Anyway, thanks for your response!!

Rgds,

Sundar
