02-05-2018 12:54 AM
I have a customer who is migrating over to ISE (2.3) from ACS (5.6) however they have A LOT of Internal Users. As part of the migration, the client requested rationalisation of their existing TACACS & RADIUS rules. As part of that process the device & user groups, rules etc will be changing. With that (and the various issues I have run into with ISE 2.3) the decision to not use the migration tool was made (also could not risk upgrading the production system with short timeframes, its very flaky and the customer has a very NO TOUCHING policy).
Anyway, I have translated all the rules but now have an issue with the ACS Internal Users. I cannot export the Users with their passwords! At this time I am assuming the cli "export-data user" does not include the passwords (If it does please let me know with a response). Is there any way to get the Internal User details & passwords without using the Migration Tool? I would have expected the GUI ! export would include the passwords when an encryption key is provided.
02-05-2018 12:58 PM
Hi Blake,
Did you try disabling password hashing in ACS? which is known to interfere with migration as well.
-Krishnan
02-05-2018 04:52 PM
Hi Krishnan,
I've stated the customer has ACS 5.6, password hash feature is only in 5.7 & 5.8.
Blake
02-07-2018 08:25 PM
Anyone have a response?
02-17-2018 06:18 PM
AFAIK the migration tool is the only way to get the internal users with the passwords.
Perhaps, you may perform the migration from ACS to an ISE in the lab and then export them in CSV.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide