Cannot authenticate with ACS because of USERNAME Length

Amro BaniHani · ‎02-22-2015

Dear Experts,

I'm using Cisco ACS (Radius and TACACS+) to authenticate network devices in my network for administration, everything works great except one of the devices accepts usernames of 8 characters length only so when I change the authentication method of this device to use TACACS+ and I enter my username which exceeds 8 characters, only the first 8 goes to ACS and since it doesnt exist in the users database it will reject the authentication.

My username: 1234567890

when I authenticate using TACACS+, I can see 12345678 only...

Any suggestions please? for an example is it possible to add a rule if ACS sees username "12345678" it adds "90" then check the password and authenticate?

Thanks for the help in advance...

Amro

mohanak · ‎02-23-2015

Network Configuration Prompts : http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/release/notes/acs_55_rn.html#61858

Prompt	Default	Conditions	Description

Username

admin

The name of the first administrative user. You can accept the default or enter a new username.

Must be from 3 to 8 characters and must be alphanumeric (A-Z, a-z, 0-9).

Enter the username.

Amro BaniHani · ‎02-23-2015

Thank you Mohanak for the reply but I believe you misunderstood my problem so I will try to explain it again.

Switch A authentication method is TACACS via Cisco ACS and Cisco ACS uses Active directory.

My Username is: ABC1234567890

Switch A limitations is it doesn't accept a username with a length exceeds 8 characters.

So when I want to login to Switch A using my username (ABC1234567890) Switch A will strip the characters after the first 8 so it will take the username of (ABC12345) only then it will send it to ACS then ACS will check for this username which doesnt exist so it will not authenticate.....

I hope this is clear now.

Regards,

Amro