https://community.cisco.com/t5/network-access-control/cs-acs-user-password-change-reminder/m-p/1707343#M238395 <HTML><HEAD></HEAD><BODY><P>I think there is an enhancement for this in patch 5.2.0.26.2&nbsp; and higher that includes the following:</P><P><SPAN class="nobr">CSCtk32168: Add an option to change password when password expires (T+ and Radius) </SPAN></P><P><SPAN class="nobr"></SPAN></P><P><SPAN class="nobr">After this patch is installed you get an option in the user authentication settings to either:</SPAN></P><P><SPAN class="nobr">- Disable user account</SPAN></P><P><SPAN class="nobr">- Expire the password</SPAN></P><P><SPAN class="nobr">When expiry period is exceeded</SPAN></P><P><SPAN class="nobr"></SPAN></P><P><SPAN class="nobr">If password is expired then user will be prompted to change password on next authentication</SPAN></P><P><SPAN class="nobr"></SPAN></P><P><SPAN class="nobr">Note that latest patch for 5.2 is 5.2.0.26.4. All patches are cumulative</SPAN></P></BODY></HTML> Fri, 06 May 2011 10:03:47 GMT jrabinow 2011-05-06T10:03:47Z https://community.cisco.com/t5/network-access-control/cs-acs-user-password-change-reminder/m-p/1707342#M238384 <P><!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:Arial; mso-bidi-theme-font:minor-bidi;} </style> <![endif]--></P><P class="MsoNormal">We installed CiscoSecure Access Control System 5.2 appliance and we are facing the following technical issue:</P><P></P><P class="MsoListParagraph" style="margin-left: 18pt; text-indent: -18pt;"><SPAN><SPAN>-<SPAN style="font: 7pt &amp;quot;Times New Roman&amp;quot;;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN>When we create a user on ACS (not an administrator, but a normal user to access Network Devices), we are setting the <SPAN class="content"><STRONG>Disable user account after </STRONG></SPAN><EM><STRONG style="sans-serif&amp;quot: ; font-family: &amp;quot; ,&amp;quot: ; Calibri&amp;quot: ; ">n</STRONG></EM><SPAN class="content"><STRONG> days if password is not changed</STRONG> to 90 days and the <STRONG>Display reminder after </STRONG></SPAN><EM><STRONG style="sans-serif&amp;quot: ; font-family: &amp;quot; ,&amp;quot: ; Calibri&amp;quot: ; ">n</STRONG></EM><SPAN class="content"><STRONG> days</STRONG> after 80 days; in the Cisco Documentation (<A href="http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/users_id_stores.html#wp1131174" target="_blank">http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/users_id_stores.html#wp1131174</A>) it states that for the <STRONG>Display reminder after </STRONG></SPAN><EM><STRONG style="sans-serif&amp;quot: ; font-family: &amp;quot; ,&amp;quot: ; Calibri&amp;quot: ; ">n</STRONG></EM><SPAN class="content"><STRONG> days</STRONG> field, the description is : <STRONG>Displays a reminder after</STRONG></SPAN><EM><STRONG style="sans-serif&amp;quot: ; font-family: &amp;quot; ,&amp;quot: ; Calibri&amp;quot: ; "> n</STRONG></EM><SPAN class="content"><STRONG> days to change password; the valid options are 1 to 365. This option, when set, only displays a reminder. It does not prompt you for a new password.</STRONG> My question is the following: <SPAN style="color: red;">how will the user be notified if we cannot add an email to users and this user has only access privileges to Network Devices ?</SPAN></SPAN></P><P></P><P class="MsoListParagraph" style="margin-left: 18pt; text-indent: -18pt;"><SPAN><SPAN>-<SPAN style="font: 7pt &amp;quot;Times New Roman&amp;quot;;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></SPAN>The Users are being disabled after 90 days because they received no reminder and they have to manually reset their passwords everytime.</P> Mon, 11 Mar 2019 01:03:59 GMT https://community.cisco.com/t5/network-access-control/cs-acs-user-password-change-reminder/m-p/1707342#M238384 f.hayeck 2019-03-11T01:03:59Z https://community.cisco.com/t5/network-access-control/cs-acs-user-password-change-reminder/m-p/1707343#M238395 <HTML><HEAD></HEAD><BODY><P>I think there is an enhancement for this in patch 5.2.0.26.2&nbsp; and higher that includes the following:</P><P><SPAN class="nobr">CSCtk32168: Add an option to change password when password expires (T+ and Radius) </SPAN></P><P><SPAN class="nobr"></SPAN></P><P><SPAN class="nobr">After this patch is installed you get an option in the user authentication settings to either:</SPAN></P><P><SPAN class="nobr">- Disable user account</SPAN></P><P><SPAN class="nobr">- Expire the password</SPAN></P><P><SPAN class="nobr">When expiry period is exceeded</SPAN></P><P><SPAN class="nobr"></SPAN></P><P><SPAN class="nobr">If password is expired then user will be prompted to change password on next authentication</SPAN></P><P><SPAN class="nobr"></SPAN></P><P><SPAN class="nobr">Note that latest patch for 5.2 is 5.2.0.26.4. All patches are cumulative</SPAN></P></BODY></HTML> Fri, 06 May 2011 10:03:47 GMT https://community.cisco.com/t5/network-access-control/cs-acs-user-password-change-reminder/m-p/1707343#M238395 jrabinow 2011-05-06T10:03:47Z