cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7914
Views
0
Helpful
9
Replies

Cisco ACS 5.8 CLI admin account lockout

Algo_Non
Level 1
Level 1

Hi, All

We recently deployed Cisco ACS 3495 apliance and running on a 5.8 version.

Everything seems well when our admin account for the CLI was lockout.

Found a Cisco bug for the same issue with version 5.5 but no fix yet..

ACS 5.5 CLI Admin Account Locked Out and No Log Message
CSCur37203
Anyone out there who might have encountered the same issue and can help advise?
Thanks and regards,
Nes
1 Accepted Solution

Accepted Solutions

Gary Curtis
Level 1
Level 1

Hi,

Unfortunately the only fix for this is the Password Recovery DVD.

Once fixed you can increase the auto locked out amount to something higher than the Cisco default.

View solution in original post

9 Replies 9

Nadav
Level 7
Level 7

Hi,

If you're asking whether or not you can receive a notification of this CLI lockout, then yes you can. It can be provided via:

logging <syslog server>:<syslog port>

logging loglevel 6  (5 would also do I think)

You will then receive a syslog notification for a user being locked out via failed attempts. You will not receive a syslog for an incorrect password though before the lockout. If you're interested in unlocking the CLI admin, you can use a recovery disc for ACS.

If your account locks out for no reason, that is indeed odd. I haven't seen this issue replicate under ESXi 5.5.

Gary Curtis
Level 1
Level 1

Hi,

Unfortunately the only fix for this is the Password Recovery DVD.

Once fixed you can increase the auto locked out amount to something higher than the Cisco default.

Hi, Gary

Thanks. DVD was a great help and we change he Cisco default for the auto lockout.

HI,

We also face the same issue in our environment, is this DVD came with the device itself?

Thanks,

Rajkumar

YES !! The recovery DVD comes with the box.

- Jatin

~Jatin

Hello, I have the same problem, but I don´t have the recovery DVD. do you know where I can downloaded?

Thank you.

- Carlos

Here is the name of the file you need to download:

ACS 5.8 FCS Official Version 
ACS_v5.8.0.32.iso

Download the ISO

- Jatin

~Jatin

Can you provide recovery dvd for ACS 5.7? 

Jatin Katyal
Cisco Employee
Cisco Employee

so this was an enhancement request where expectation was to have some kind of user friendly logs that can help administrator of ACS to understand the reason and time of lockout. However this got fixed stating that cron job will be running periodically and send the related logs to ADE.log. This can be accessed and read in the support bundle.

- Jatin

~Jatin