03-28-2023 03:23 AM
Is there a way in the ISE GUI or CLI to look at the internal database of TACACS users, to determine how soon the password needs to be changed on a specific account (or a counter showing the number of days since last changed, or the like).
In our case we cannot use the obvious solution of the canned GUI report of the user changing password because the deployment is busy enough to have "aged out" the internal log entry.
TIA
Solved! Go to Solution.
03-30-2023 07:13 AM - edited 03-30-2023 07:16 AM
There is a way, but you can only check a single account at a time, and it was just added in 3.2.
Go to Administration > Identity Management > Identities > Users, select your user and look at the Password Lifetime. Even if Never Expires is selected, change it to With Expiration to see the Lifetime left for that password if it were to expire.
03-28-2023 03:37 AM
Hi
Take a look on this thread.
03-28-2023 03:37 AM
You can look Global Settings about password change policy : ( not that i have observed closely for local accounts) - may be we can check audit report.
03-30-2023 03:35 AM
Thanks for the responses, however unless I misunderstand they are not what we need. We need to check specific internal/local accounts for upcoming password expiry in some way. It would be a non-issue if Cisco would provided the ability to assign different password policy for different accounts/groups CSCvu07107. I can look through syslog (we log ISE there as well), but not everyone else has 30+ years with Cisco and Unix like myself. Really need a "raw newbie" way to accomplish the task.
03-30-2023 07:13 AM - edited 03-30-2023 07:16 AM
There is a way, but you can only check a single account at a time, and it was just added in 3.2.
Go to Administration > Identity Management > Identities > Users, select your user and look at the Password Lifetime. Even if Never Expires is selected, change it to With Expiration to see the Lifetime left for that password if it were to expire.
03-30-2023 07:27 AM
Charlie, that is so great to hear/see. It will (in our near future) save me a good deal of headaches. And any newbie can manage it without instruction!! LOL. Again thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide