Cisco Support Community

ACS 5.1 Problem with Changing Password on Next Login


I am using ACS as a TACACS server for user authentication & authorization on an ASA 5520 firewall with software 8.2(4).

I created a new internal user. I want that user to change his password on next login. Therefore, I checked the box next to "Change password on next login".

The problem is that authentication is failing for the newly created user. It does not even go for the password changing procedure (enter old password...).

The failure reason I am getting on the real-time TACACS dashboard I created in the Monitoring and Reports section is: User was marked to change password in Internal database

In the AAA Catalog Failure Reason it appeared that the above failure has the 24203 code and the Resolution Step was given as the following:

Check if the User account is set to change password in the Internal database. If the User cannot change the password check for more failures under the 'Steps' detailed report.

However, I made sure that the new internal user has the checkbox checked next to "Change password on next login".

Did anyone face this problem before?

Should any additional commands be configured on the ASA5520 firewall?

