Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1928
Views
0
Helpful
5
Replies

ACS query

Jonn cos
Level 4
Level 4

‎10-09-2012 10:29 PM - edited ‎03-10-2019 07:39 PM

Hi all.

We have dialup users that are connecting to our portal for uploading/downloading credit information. We are currently using ACS 3.3. There is a requirement that, initially we provide clients with their username/password, but we want to enforce the policy that when the user logs in first time, he should be prompted (forcefully) to change his password.

1) Can this be done in ACS 3.3. I know its outdated but if anyone knows then pls tell me

2) What solution shall be used in this case ? can it be done in ACS 5.3 ?

Kindly guide me

Labels:
0 Helpful
5 Replies 5

Jonn cos
Level 4
Level 4

‎10-10-2012 09:33 PM

pls someone

0 Helpful

drstanic
Cisco Employee
Cisco Employee

‎10-10-2012 09:55 PM

Hi John,

You can enable password expiry for the users that login for the first time so that they are asked to change their password when they login for the first time.

For this, you will have to enable 'Password Aging Rules' on the ACS (this is applied on a group basis).

To enable Password Aging Rules:

ACS > Group Setup > Select the group and click edit settings >Password Aging Rules > check the 'Apply password change rule' box

This will force the user to change the password on the first log-in after an administrator has changed it.

Please note that if you do not see the option 'Password Aging Rules', then you will have to enable it from:

Interface Configuration > Advanced Options > Group-Level Password Aging.

Just as an FYI, support for ACS 3.3 ended in 2009. Reference: EOS/EOL Notice for ACS 3.3:http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps2086/prod_end-of-life_notice0900aecd80420b67.html

ACS 5.3 also allows you to force users to change their password on the next login. In ACS 5.3 this setting is located on the users's password change page. To force a user to change their passwod on next login:

Users and Identity Stores > Internal Identity Stores >

Users

Check the box next to the relevant username

Click the "Change Password" button

Check the box next to "Change password on next login"

Click the "Submit" button

Let me know if that helps.

Regards,

Dragana

0 Helpful

Jonn cos
Level 4
Level 4
In response to drstanic

‎10-10-2012 10:11 PM

Sir i will check it today. I just want to know one thing more. When you said that it will force the user to change the password on their first login, did you mean that it will give them any banner/prompt that they need to change the password or do we need to tell them manually (like via email or something)

0 Helpful

nkarthikeyan
Level 7
Level 7

‎10-11-2012 09:24 AM

Hi John,

It is very difficult and not so that handy when it comes for ACS 3.3 version.

You can refer the below document for password rules in ACS and its explainations..

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/user/guide/g.html#wp16647

Refer the below discussion about ACS 3.3 for VPN users Password rules which is well explained.

https://supportforums.cisco.com/thread/216075

Hope this helps.

ACS 5.x version you can set this without any issues.

Please do rate if the given information helps.

By

Karthik

0 Helpful

Jonn cos
Level 4
Level 4
In response to nkarthikeyan

‎10-15-2012 11:32 PM

Sir, when you said it can be done in ACS 5, then are you talking about forcefully prompt the user to change the password ?

Kindly let me know, and sorry for the delayed response

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents