cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1239
Views
6
Helpful
3
Replies
Javier Glaz
Beginner

ACS migration utility TACACS+ enable password problem

Hello,

I am trying to migrate an ACS 4.1.1(24) using the migraton tool to ACS 5.2. The tool is working OK. It migrates the users, groups, NDG, etc. and the reports are showing no errors.

The problem is with the Enable password of the users. The users in the ACS 4 have the TACACS+ Enable Password configured, but after the migration it appears empty in the ACS 5.

Any ideas? Did someone find the same problem?

Thanks in advance.

3 REPLIES 3
mauzamor
Beginner

Hi there,

Here is a list with the supported options that will be migrated from 4.x to 5.x and I don't see the Enable Password in that list:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/migration/guide/Migration_support.html#wp1014776

If you go to Internal User in that document you posted, you will see the following table:

4.x Attribute Name

5.1 Attribute Name

Comment

User Name

Name

Account Disabled

Status:

Enabled

Disabled

Description

There is no description to be retrieved from
ACS 4.x. The description used in ACS 5.1 varies depending on the type of user defined, as follows:

Migrated Internal User

Migrated User with External Authentication

Password

Password

Group to which the user is assigned

Identity Group

User groups must be migrated first; association to the migrated identity group is retained.

Separate TACACS+ Enable Password

Enable Password

The last one is the password I am refering to. So, based on this list, it is supported by the tool.

Regards,

Javier

Javier,

You are right about that, I missed that chart.

I just did a test in my ACS 5.3 to be sure and it worked fine, the enable password for my users was migrated successfully. The only changed I did before migrating the users was to enable the TACACS+ Enable password option from System Configuration/User settings.

I will try with a 5.2 later today if possible and will let you know.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube