https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553912#M326278 <HTML><HEAD></HEAD><BODY><P>Patch is already available and can be downloaded from CCO (need to upgrade to ACS 5.2 first)</P></BODY></HTML> Wed, 06 Apr 2011 10:53:30 GMT jrabinow 2011-04-06T10:53:30Z https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553906#M326272 <P>Hi</P><P>I am looking for a way how to set the password-rules for individually for for some users or identity-groups.</P><P>I just can find the global settings</P><P></P><P>Background of the requirement: We want to use password-aging for most admin-users, for some we dont want that pw expires</P><P>(e.g. NMS-Users ect)</P><P></P><P>Thx</P><P>Hubert </P> Mon, 11 Mar 2019 00:27:02 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553906#M326272 HUBERT RESCH 2019-03-11T00:27:02Z https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553907#M326273 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>I dont see any way you can do that per use level, the only place where&nbsp; you can change authentication settings is :</P><TABLE border="0" cellspacing="0" class="cuesBreadcrumbTable" id="cuesBreadcrumbTable"><TBODY><TR><TD><SPAN class="cuesBreadcrumbStatic">System Administration</SPAN> &gt; </TD><TD class="cuesBreadcrumbMore" style="display: none;">... &gt; </TD><TD title="Users"><SPAN class="cuesBreadcrumbStatic">Users</SPAN> &gt; </TD><TD><SPAN class="cuesBreadcrumbLast">Authentication Settings</SPAN></TD></TR></TBODY></TABLE><P></P><P><BR />and thats appliacable to all users</P><P></P><P>Thanks</P><P>Waris Hussain.</P></BODY></HTML> Wed, 29 Sep 2010 21:14:21 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553907#M326273 Waris Hussain 2010-09-29T21:14:21Z https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553908#M326274 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>sorry to raise this old thread but... we have the same requirement - to be able to tune password rules settings for specific user accounts.</P><P></P><P>I would call this a feature request... Can we have a comment if this feature is ever likely to appear in future ACS releases?</P><P></P><P>Thanks.</P></BODY></HTML> Wed, 06 Apr 2011 09:15:54 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553908#M326274 MATIJA PETROVIC 2011-04-06T09:15:54Z https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553909#M326275 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Yes this would be considered as PER.</P><P>Currently there are no plans for this to be implemented for specifc accounts only, it is possible though in a global way.</P><P></P><P>HTH,</P><P>Tiago</P><P></P><DIV class="jive-rendered-content"><DIV class="jive-rendered-content"><P>--</P><P>If&nbsp; this helps you and/or answers your question please mark the question as&nbsp; "answered" and/or rate it, so other users can easily find it.</P></DIV></DIV></BODY></HTML> Wed, 06 Apr 2011 09:36:45 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553909#M326275 Tiago Antunes 2011-04-06T09:36:45Z https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553910#M326276 <HTML><HEAD></HEAD><BODY><P>You can disable password aging for specific users</P><P></P><P>Need to upgrade to ACS 5.2 and install cummulative patch 5.2.0.26.2 patch or higher that includes the following enhancement</P><P><SPAN class="nobr"><A href="http://wwwin-metrics.cisco.com/cgi-bin/ddtsdisp.cgi?id=CSCtk32178" rel="nofollow">CSCtk32178</A>: Add an option for pass never expired for specific users </SPAN></P><P><SPAN class="nobr"></SPAN></P><P><SPAN class="nobr">There are other threads on this subject that provide more details. When install the patch it includes a document that defines how to configure this</SPAN></P><P><SPAN class="nobr"></SPAN></P><P><SPAN class="nobr">If need more details let me know</SPAN></P></BODY></HTML> Wed, 06 Apr 2011 09:42:32 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553910#M326276 jrabinow 2011-04-06T09:42:32Z https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553911#M326277 <HTML><HEAD></HEAD><BODY><P>unfortunately this bug is not visible,</P><P>do you know when this Patch will be available ?</P><P></P><H6 class="alt-2">CSCtk32178 Bug Details</H6><P><TABLE border="0" cellpadding="5" cellspacing="2" width="100%"><TBODY><TR><TD style="font-size: 88%; padding: 8px;"><SPAN style="color: #ff0000;">This bug ID CSCtk32178 currently has no detailed information associated with it. Please add this bug ID to your watch group, which will notify our system administrators of your interest in this bug. Bug Toolkit will then notify you of any changes to this bug in the future.<BR /><BR /></SPAN></TD></TR></TBODY></TABLE></P></BODY></HTML> Wed, 06 Apr 2011 10:03:45 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553911#M326277 HUBERT RESCH 2011-04-06T10:03:45Z https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553912#M326278 <HTML><HEAD></HEAD><BODY><P>Patch is already available and can be downloaded from CCO (need to upgrade to ACS 5.2 first)</P></BODY></HTML> Wed, 06 Apr 2011 10:53:30 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553912#M326278 jrabinow 2011-04-06T10:53:30Z https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553913#M326279 <HTML><HEAD></HEAD><BODY><P>Hi, I did an upgrade to</P><P></P><P></P><P>Version : 5.2.0.26.3</P><P><TABLE border="0" cellspacing="0" dir="ltr" width="624"><TBODY><TR><TD colspan="2" valign="bottom" width="43%"><P dir="ltr"><BR />Company Name : customer <BR /><BR />User : hresch <BR />Internal Build ID : B.3075</P></TD><TD valign="bottom" width="57%"> </TD></TR><TR><TD valign="top" width="21%"><P dir="ltr">Patches :</P></TD><TD valign="middle" width="23%"><P dir="ltr">5-2-0-26-1 <BR />5-2-0-26-2 <BR />5-2-0-26-</P></TD><TD valign="bottom" width="57%"> </TD></TR></TBODY></TABLE></P><P></P><P>but I cannot see any change in the User-configuration, now way to set that password never expires or so ?</P><P></P><P>KR</P><P>Hubert</P></BODY></HTML> Thu, 07 Apr 2011 07:19:53 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553913#M326279 HUBERT RESCH 2011-04-07T07:19:53Z https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553914#M326280 <HTML><HEAD></HEAD><BODY><P>There are no new specific options you will see in the GUI. It is enabled by created attributes for internal users</P><P></P><P>This functionality is enabled as follows:</P><P>- <SPAN style="font-family: arial,helvetica,sans-serif;">In : System Administration &gt; Configuration &gt; Dictionaries &gt; Identity &gt; Internal Users add Boolean attribute ACS</SPAN><SPAN style="font-size: 10pt;"><SPAN style="font-family: arial,helvetica,sans-serif;"><SPAN><SPAN>‐</SPAN></SPAN>RESERVED<SPAN><SPAN>‐</SPAN></SPAN>Never<SPAN><SPAN>‐</SPAN></SPAN></SPAN><SPAN style="font-family: arial,helvetica,sans-serif;">Expired and set its default value to "false".</SPAN></SPAN><SPAN style="font-size: 12pt;"> </SPAN></P><P><SPAN style="font-size: 12pt;">- <SPAN style="font-size: 12pt;"><SPAN style="font-size: 10pt;">Set this user attribute to be true in the internal user definitions of those users whose password should never expire.</SPAN> </SPAN></SPAN></P><P></P><P><SPAN style="font-size: 10pt; ">There should be a pdf doc included together with the readme</SPAN></P></BODY></HTML> Thu, 07 Apr 2011 09:21:10 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553914#M326280 jrabinow 2011-04-07T09:21:10Z https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553915#M326281 <HTML><HEAD></HEAD><BODY><P>Thanks a lot now it works! Great !</P><P></P><P>Btw is there a way to do this as well for the administrative users ?</P><P></P><P>KR</P><P>Hubert</P></BODY></HTML> Thu, 07 Apr 2011 12:28:45 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553915#M326281 HUBERT RESCH 2011-04-07T12:28:45Z https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553916#M326282 <HTML><HEAD></HEAD><BODY><P>This specific mechanism does not apply to administrators.</P><P></P><P>However, administrative accounts already have the followig option that can be selected</P><P>:</P><P></P><P><INPUT id="accountNeverDisabled" maxlength="2147483647" name="accountNeverDisabled" onclick="" size="20" type="checkbox" value="on" /> <LABEL for="accountNeverDisabled">Account never disabled </LABEL></P><P><LABEL for="accountNeverDisabled"></LABEL>Overwrites account blocking in case password expired, account inactivity<BR />period reached or admin exhausted permitted failed attempt</P></BODY></HTML> Thu, 07 Apr 2011 12:33:02 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-password-rules-settings-per-internal-user/m-p/1553916#M326282 jrabinow 2011-04-07T12:33:02Z