cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

636
Views
0
Helpful
2
Replies
Highlighted
Beginner

Import Steel Belted Radius users to ACS

Is there a method to import SBR (local) users into ACS?  Perhaps via some intermediate tool?  The SBR exports will contain one-way-hashed passwords, so the question is really whether there is any method to import ACS users with these?

Everyone's tags (4)
2 REPLIES 2
Highlighted
Advocate

Import Steel Belted Radius users to ACS

If you can export a list of the user accounts you can take the user names and download the import template (CSV) from the ACS user configuration.

What you can do next is build a one-time password so that users will have to enter and set the flag in the import template for the password to expire during the next login.

You can then use the UCP scripts on a web server so that users can change their password, this is the best solution I can suggest.

Also are you username formats the same in Active Directory? You can import the usernames and set the password to use AD or LDAP for password authentication (will need to double-check your version of ACS).

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*
Highlighted
Beginner

Re: Import Steel Belted Radius users to ACS

Hi Tarik

That's very helpful, but one problem is that the authenticating devices are specialised hardware on which the users cannot change their passwords - it has to be done by local administration staff who have the necessary tools.  So the question is whether there is any mechanism to use an exported file from Steel Belted Radius, including hashed passwords, which can be imported into ACS?

The passwords are stored directly in the SBR server.  I've just had a look at what it's capable of exporting, and it seems I can get the data out in XML format, which I can then manipulate, of course.  However, the issue is that the passwords are not exported in plain text.  If the password is stored as a hash on the SBR server, you get an MD5 hash in the XML file.  If it is stored in "plain text" in the SBR server then the XML export shows the password in encrypted form.