08-27-2003 08:24 AM - edited 03-10-2019 07:27 AM
If a user ID is disabled on CS ACS and the user tries to login after his account is locked out, he does not get any message. He is prompted again to enter his ID. Is there a message file where messages can be controlled for different kind of failed attempts like invalid user ID, account disabled, invalid password...
08-28-2003 05:14 PM
There is no way ACS can control what message is sent to the end user if his password is locked out. ACS merely responds to the NAS with a yes or a no on whether the user credentials are valid or not, it is then up to the NAS to allow or deny the connection, or in the special case of token new-pin mode, prompt the user for additional credentials. Adding log messages into ACS is not going to make anything appear to the end user. No way around this, sorry.
08-29-2003 06:55 AM
Thanks for the reply... But CS ACS does send messages to the client since the password expiration information is sent to the workstation... For example, if the password expiration is set, the following messages are received by the client
Username: test01
Password:
Your password will expire in 1 more logins
PS - additionally the "has expired" message is being sent:
3600-rtr>telnet 10.10.20.10
Trying 10.10.20.10 ... Open
Username: 10.10.20.10
Password:
Your password has expired.
Enter a new one now.
New Password:
Re-enter New password:
Password Changed
08-29-2003 07:35 PM
ACS does NOT talk to the client directly at all.
The password expiration feature you describe is part of authenticating with MSCHAP. The NAS/router has to support that feature for which code was specifically written into IOS for it to do that, similarly for token new-pin mode. There is nothing in IOS code that is going to send a prompt/message to the user for when the users ACS account is disabled.
Hope that makes things clear.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide