topic ACS - Console access request for password reset ?? in Network Access Control https://community.cisco.com/t5/network-access-control/acs-console-access-request-for-password-reset/m-p/917418#M408652 <P>G'day All </P><P></P><P>Hope someone can answer this question for me.</P><P>I am auth'ing a number of 6500's + 4500's switches to a pair of acs appliances, if I telnet or ssh to the switches, all is good and I never get requested for a password request, but if I log in via console it almost always wants me to reset my account password ?</P><P>As I have 2 accounts I can use, if I alternate between both of them it will eventually let me in with out reseting any passwords.</P><P>Why is this ? and why does it only affect console access ? </P><P>Below is my config : </P><P>aaa group server tacacs+ AAA-TAC</P><P> server 10.5.x.x</P><P> server 10.5.x.x</P><P>!</P><P>aaa authentication login default group AAA-TAC local-case</P><P>aaa authentication enable default group AAA-TAC enable</P><P>aaa authorization exec default group AAA-TAC if-authenticated </P><P>aaa accounting commands 15 default start-stop group AAA-TAC</P><P></P><P>Any suggestions would be great, as it is really bugging me.</P><P></P><P>Thanks.</P> Sun, 10 Mar 2019 22:26:28 GMT mgrollo1972 2019-03-10T22:26:28Z ACS - Console access request for password reset ?? https://community.cisco.com/t5/network-access-control/acs-console-access-request-for-password-reset/m-p/917418#M408652 <P>G'day All </P><P></P><P>Hope someone can answer this question for me.</P><P>I am auth'ing a number of 6500's + 4500's switches to a pair of acs appliances, if I telnet or ssh to the switches, all is good and I never get requested for a password request, but if I log in via console it almost always wants me to reset my account password ?</P><P>As I have 2 accounts I can use, if I alternate between both of them it will eventually let me in with out reseting any passwords.</P><P>Why is this ? and why does it only affect console access ? </P><P>Below is my config : </P><P>aaa group server tacacs+ AAA-TAC</P><P> server 10.5.x.x</P><P> server 10.5.x.x</P><P>!</P><P>aaa authentication login default group AAA-TAC local-case</P><P>aaa authentication enable default group AAA-TAC enable</P><P>aaa authorization exec default group AAA-TAC if-authenticated </P><P>aaa accounting commands 15 default start-stop group AAA-TAC</P><P></P><P>Any suggestions would be great, as it is really bugging me.</P><P></P><P>Thanks.</P> Sun, 10 Mar 2019 22:26:28 GMT https://community.cisco.com/t5/network-access-control/acs-console-access-request-for-password-reset/m-p/917418#M408652 mgrollo1972 2019-03-10T22:26:28Z Re: ACS - Console access request for password reset ?? https://community.cisco.com/t5/network-access-control/acs-console-access-request-for-password-reset/m-p/917419#M408653 <HTML><HEAD></HEAD><BODY><P>I think its just a coincidence that you are only getting password change prompt when you are accessing device from console.</P><P></P><P>Check the ACS server, check the group/user settings, whether you have any password aging policy applied or not? that should give you some direction. Other then that, there is no such thing as password change when connection is initiated from Console.</P><P></P><P>Regards,</P><P>Prem</P></BODY></HTML> Sat, 13 Oct 2007 17:06:12 GMT https://community.cisco.com/t5/network-access-control/acs-console-access-request-for-password-reset/m-p/917419#M408653 Premdeep Banga 2007-10-13T17:06:12Z