I want to set up my ACS to prompt users to change their password, say every "X" days. I created a test group and put my account in there, and under "Password Aging Rules" I have the following:
Active period = 2 days
Warning period = 1 days
Grace period = 1 days
"Apply age-by-uses rules"
Issue warning after 1 logins *
Require change after 3 logins *
Shouldn't that prompt the user to change the password after 2 days, give a warning for 1 day and a grace period of 1 day, and if the user doesn't change the password by then (4 days) the account is locked?
I'm trying to use this with wireless users - is this a problem?
When the password expiry feature is used for users located on the CiscoSecure ACS local database, the CiscoSecure Authentication Agent (CAA) must be installed in order for the password aging rule to work. The CAA is located on the CiscoSecure ACS installation CD in the ACS Utilities folder. Refer to the following URL
Hello and thanks for your reply. If I read the PDF correctly, since we want to use the Password Aging feature and our dbase is the local ACS database, we would not need to run the Auth Agent Configurator in step #3 of page 2.
We would just install the software (CAA) starting with page #3 and reboot, right?
ACS supports four different password aging methods:
- PEAP and EAP-FAST Windows Password Aging: Users must be in the Windows user database and be using a Microsoft client that supports EAP, such as Windows XP. For information on the requirements and configuration of this password aging mechanism, see Enabling Password Aging for Users in Windows Databases.
- RADIUS-based Windows Password Aging: Users must be in the Windows user database and be using the Windows Dial-up Networking (DUN) client. For information on the requirements and configuration of this password aging mechanism, see Enabling Password Aging for Users in Windows Databases.
- Password Aging for Device-hosted Sessions: Users must be in the CiscoSecure user database, the AAA client must be running TACACS+, and the connection must use Telnet. You can control the ability of users to change passwords during a device-hosted Telnet session. You can also control whether Cisco Secure ACS propagates passwords changed by this feature. For more information, see Local Password Management.
- Password Aging for Transit Sessions: Users must be in the CiscoSecure user database. Users must use a PPP dialup client. Further, the end-user client must have CiscoSecure
So from what you stated here, we have users in the local ACS database and I want to do the password aging which I described in the earlier thread. You mentioned Telnet; we are authenticating via RADIUS port 1645, so will this work?
If I install this, could it possibly prevent my ACS from functioning the way it currently does?
I'm pretty new to ACS so I want to minimize downtime/risks.