topic ACS query in Network Access Control

ACS query

Jonn cos — Mon, 11 Mar 2019 02:39:29 GMT

Hi all.

We have dialup users that are connecting to our portal for uploading/downloading credit information. We are currently using ACS 3.3. There is a requirement that, initially we provide clients with their username/password, but we want to enforce the policy that when the user logs in first time, he should be prompted (forcefully) to change his password.

1) Can this be done in ACS 3.3. I know its outdated but if anyone knows then pls tell me

2) What solution shall be used in this case ? can it be done in ACS 5.3 ?

Kindly guide me

ACS query

Jonn cos — Thu, 11 Oct 2012 04:33:13 GMT

pls someone

ACS query

drstanic — Thu, 11 Oct 2012 04:55:19 GMT

Hi John,

You can enable password expiry for the users that login for the first time so that they are asked to change their password when they login for the first time.

For this, you will have to enable 'Password Aging Rules' on the ACS (this is applied on a group basis).

To enable Password Aging Rules:

ACS > Group Setup > Select the group and click edit settings >Password Aging Rules > check the 'Apply password change rule' box

This will force the user to change the password on the first log-in after an administrator has changed it.

Please note that if you do not see the option 'Password Aging Rules', then you will have to enable it from:

Interface Configuration > Advanced Options > Group-Level Password Aging.

Just as an FYI, support for ACS 3.3 ended in 2009. Reference: EOS/EOL Notice for ACS 3.3:http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps2086/prod_end-of-life_notice0900aecd80420b67.html

ACS 5.3 also allows you to force users to change their password on the next login. In ACS 5.3 this setting is located on the users's password change page. To force a user to change their passwod on next login:

Users and Identity Stores >

Internal Identity Stores >

Users

Check the box next to the relevant username

Click the "Change Password" button

Check the box next to "Change password on next login"

Click the "Submit" button

Let me know if that helps.

Regards,

Dragana

ACS query

Jonn cos — Thu, 11 Oct 2012 05:11:23 GMT

Sir i will check it today. I just want to know one thing more. When you said that it will force the user to change the password on their first login, did you mean that it will give them any banner/prompt that they need to change the password or do we need to tell them manually (like via email or something)

ACS query

nkarthikeyan — Thu, 11 Oct 2012 16:24:01 GMT

Hi John,

It is very difficult and not so that handy when it comes for ACS 3.3 version.

You can refer the below document for password rules in ACS and its explainations..

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/user/guide/g.html#wp16647

Refer the below discussion about ACS 3.3 for VPN users Password rules which is well explained.

https://supportforums.cisco.com/thread/216075

Hope this helps.

ACS 5.x version you can set this without any issues.

Please do rate if the given information helps.

Karthik

ACS query

Jonn cos — Tue, 16 Oct 2012 06:32:57 GMT

Sir, when you said it can be done in ACS 5, then are you talking about forcefully prompt the user to change the password ?

Kindly let me know, and sorry for the delayed response