01-22-2014 07:18 AM - edited 03-10-2019 09:18 PM
01-23-2014 07:38 PM
If you can export a list of the user accounts you can take the user names and download the import template (CSV) from the ACS user configuration.
What you can do next is build a one-time password so that users will have to enter and set the flag in the import template for the password to expire during the next login.
You can then use the UCP scripts on a web server so that users can change their password, this is the best solution I can suggest.
Also are you username formats the same in Active Directory? You can import the usernames and set the password to use AD or LDAP for password authentication (will need to double-check your version of ACS).
Thanks,
Tarik Admani
*Please rate helpful posts*
01-24-2014 06:17 AM
Hi Tarik
That's very helpful, but one problem is that the authenticating devices are specialised hardware on which the users cannot change their passwords - it has to be done by local administration staff who have the necessary tools. So the question is whether there is any mechanism to use an exported file from Steel Belted Radius, including hashed passwords, which can be imported into ACS?
The passwords are stored directly in the SBR server. I've just had a look at what it's capable of exporting, and it seems I can get the data out in XML format, which I can then manipulate, of course. However, the issue is that the passwords are not exported in plain text. If the password is stored as a hash on the SBR server, you get an MD5 hash in the XML file. If it is stored in "plain text" in the SBR server then the XML export shows the password in encrypted form.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide