https://community.cisco.com/t5/network-security/ips-sensors-and-radius-authentication/m-p/1581778#M65851 <HTML><HEAD></HEAD><BODY><P><STRONG>* Which special characters have you tried? </STRONG></P><P><STRONG>* What position in the password are you inserting the special characters?</STRONG></P><P></P><P>I've run into issues before on Cisco equipment (but not necessarily IDS-IPS), where they had issues with certain special characters being used for passwords/shared secrets.&nbsp; I usually try to stay away from using @, #, %, and &amp;.&nbsp; I've also seen problems with using special characters as the first or last character in a password/secret.</P><P></P><P>Other than that ...</P><P></P><P></P><P>You mention that the password has a problem with "the built in acceptable password policy", and that it's not actually attempting RADIUS authentication.&nbsp; So, the user successfully configures their password via their A/D account to include special characters.&nbsp; Then, when logging in to the IPS, after entering those credentials, it gives some kind of <STRONG>*local*</STRONG> error on the IPS regarding the password?</P><P></P><P><STRONG>*Can you provide the error message you're seeing, either from the device logs, or the error given to the user?</STRONG></P><P></P><P>I was under the impression that the built-in password policy was only used to verify passwords when they were changed or created.&nbsp; If anything, that policy should not be applied at all when RADIUS authentication is enabled.&nbsp; But, I could be wrong about that.</P><P></P><P></P><P>You might want to check the <A href="http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs">Bug Toolkit on CCO</A> for any related bugs already opened.&nbsp; The IPS release notes don't include open caveats for each release, only resolved ones.</P></BODY></HTML> Tue, 11 Jan 2011 06:52:38 GMT mikecrowe4ICS_2 2011-01-11T06:52:38Z https://community.cisco.com/t5/network-security/ips-sensors-and-radius-authentication/m-p/1581777#M65850 <P>Does any one know what constitutes acceptable password characters on version 7.0(4)E4 of the IPS Software?</P><P></P><P>I'm in the process on testing the sensors with RADIUS authentication against ACS version 4.2. ACS backs of to</P><P>Microsoft AD for accounts and passwords.</P><P></P><P>When the password is simple i.e. Uppercase / Lowercase / Numerals the authentication works fine. However</P><P>if a user has "special" characters the authentication process does not try RADIUS but seems to fall foul</P><P>of the built in acceptable password policy.</P><P></P><P>I know I can change the password policy but this only relates to the number of characters from each type rather</P><P>than the acceptable characters.</P> Sun, 10 Mar 2019 12:13:53 GMT https://community.cisco.com/t5/network-security/ips-sensors-and-radius-authentication/m-p/1581777#M65850 UKFNISNetworks 2019-03-10T12:13:53Z https://community.cisco.com/t5/network-security/ips-sensors-and-radius-authentication/m-p/1581778#M65851 <HTML><HEAD></HEAD><BODY><P><STRONG>* Which special characters have you tried? </STRONG></P><P><STRONG>* What position in the password are you inserting the special characters?</STRONG></P><P></P><P>I've run into issues before on Cisco equipment (but not necessarily IDS-IPS), where they had issues with certain special characters being used for passwords/shared secrets.&nbsp; I usually try to stay away from using @, #, %, and &amp;.&nbsp; I've also seen problems with using special characters as the first or last character in a password/secret.</P><P></P><P>Other than that ...</P><P></P><P></P><P>You mention that the password has a problem with "the built in acceptable password policy", and that it's not actually attempting RADIUS authentication.&nbsp; So, the user successfully configures their password via their A/D account to include special characters.&nbsp; Then, when logging in to the IPS, after entering those credentials, it gives some kind of <STRONG>*local*</STRONG> error on the IPS regarding the password?</P><P></P><P><STRONG>*Can you provide the error message you're seeing, either from the device logs, or the error given to the user?</STRONG></P><P></P><P>I was under the impression that the built-in password policy was only used to verify passwords when they were changed or created.&nbsp; If anything, that policy should not be applied at all when RADIUS authentication is enabled.&nbsp; But, I could be wrong about that.</P><P></P><P></P><P>You might want to check the <A href="http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs">Bug Toolkit on CCO</A> for any related bugs already opened.&nbsp; The IPS release notes don't include open caveats for each release, only resolved ones.</P></BODY></HTML> Tue, 11 Jan 2011 06:52:38 GMT https://community.cisco.com/t5/network-security/ips-sensors-and-radius-authentication/m-p/1581778#M65851 mikecrowe4ICS_2 2011-01-11T06:52:38Z