Cisco Support Community
Community Member

User change his password after first login in ACS 4.1

How can I force the users of my ACS to change their passwords after the first login?

6 REPLIES
Silver

Re: User change his password after first login in ACS 4.1

I do not think Cisco ACS can do that by itself. What you can do is to use "external database" for authentication such as RSA SecurID, with ACS integration. It does work, as seen below:

[root@LinuxES root]# telnet 192.168.1.4
Trying 192.168.1.4...
Connected to 192.168.1.4 (192.168.1.4).
Escape character is '^]'.

User Access Verification

Username: test1
Enter PASSCODE:
Enter your new Numerical PIN, containing 4 to 8 digits
or
"x" to cancel the new PIN procedure:
Reenter PIN:
BGP_Trigger>

CCIE Security

Community Member

Re: User change his password after first login in ACS 4.1

Can we do this if we integrate between ACS and the Windows Domain controller? The RSA is not available now.

Appreciate your help. Thanks.

Silver

Re: User change his password after first login in ACS 4.1

Do not quote me on this, but according to what I've tested about 6 months, it does not work with Active Directory, from what I've tried to accomplish; i.e. telnet to the router with AD accounts proxy from ACS.

Maybe I did not set up the AD server correctly, unlikely, but from what I've tested, it does not work with Cisco IOS when telnetting into a Cisco device.

Re: User change his password after first login in ACS 4.1

Hi,

You can configure password aging on ACS for ACS users, or (as in your case) you configure password aging on your Windows Active Directory database.

Please take a look at the document below, as I believe it provides the information you need to properly configure password aging for your Windows users in ACS:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/g.htm#wp479732

To support password aging using Windows Active Directory, we need to have the AAA client configured for RADIUS.

The link below gives more information on this.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/g.htm#wp479732

For password expiry to work with TACACS, we need to have the usernames and passwords configured locally on the ACS server.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/o.htm#wp792652

Regards.

~JG

Do rate helpful posts

Re: User change his password after first login in ACS 4.1

RADIUS Password Expiry is supported with an external Windows database using MS-CHAPv2. We cannot use RADIUS Password Expiry with the local ACS database.

Community Member

Re: User change his password after first login in ACS 4.1

Thank you all for your precious support.

I found a link that can help with this without integrating with anything. I thought to send it to you all in case you need this in the future.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/installation/guide/passwords/ucp.html

Thanks.
