
ACS 3.0(1) Password Aging on does not work!!

hgorter
Level 1

Dear Members,

We are using a Cisco 3620 (IOS V 12.1.(5)T10) with ACS version 3.0(1) for Windows NT/2000. We use the RADIUS protocol and use the Windows 2000 user database to authenticate users.

We want users to change their password once it has expired. But with ACS this does not work. The ACS log says that the user must change the password, but the user never gets this message. The result is that the user cannot dial in because a password change is required.

If we use Steel-Belted Radius instead of ACS, everything goes well. And if we use the local ACS database to authenticate users, instead of the Windows 2000 user database, everything goes well too.

Does someone have a solution for this?

Thanks in advance.

Kind regards,

Harry

5 Replies

jekrauss
Level 1

No, password changing of the external DB is not supported in ACS until MS-CHAPv2.

Here's an excerpt from the 3.0(2) release notes:

"MS CHAP version 2 Support and MS CHAP Password Aging Support—Cisco Secure ACS supports MS CHAP version 2. In addition, we added an MS CHAP-based password-aging feature which works with the Microsoft Dial-Up Networking client, the Cisco VPN client (version 3.0 or greater), and any desktop client that supports MS CHAP. This feature prompts a user to change his or her password after a login where the user password has expired. The MS CHAP-based password-aging feature supports users who authenticate with a Windows user database and is offered in addition to password aging supported by the CiscoSecure user database.

Note: Cisco VPN 3000-series Concentrators and Cisco IOS will support MS CHAP password aging in upcoming releases."

HTH

Jeff

Dear Jeff,

Thanks for your reply. The same is written for the release notes version 3.0(1).

If I understood well, it means that ACS 3.0 does support password aging but Cisco IOS will start supporting password aging in upcoming releases.

Which upcoming releases? Are these releases already available? If not available yet, when will they be released then?

Can someone give me the answers please?

Thanks in advance.

Kind regards,

Harry

It is currently supported in 12.2(2)XB6 and "should" (my best guess) be integrated into the next T train release after 12.2.(11)T.

Keep in mind that Microsoft still has some issues with this feature on Win2k and WinXP, but it has been proven on this image with Win98 for sure. I can't speak for under what conditions the other OS's will or won't work.

HTH

Jeff

Dear Jeff,

Thanks again for your reply.

For my understanding: Does password aging in ACS only work if we use ACS version 3.02 in combination with IOS version 12.2(2)XB6 or a release greater than 12.2(11)T?

In other words: Do we need a new IOS version to make password aging in ACS 3.02 work?

I am looking forward to your answer.

Kind regards,

Harry

hgorter
Level 1

Dear Members,

It seems that Microsoft has a fix for this problem.

Please look at:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q326770

I am going to test it and I hope that it really solves the problem. I will let you know.

Kind Regards,

Harry