cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1000
Views
0
Helpful
4
Replies
iciar_acfe
Beginner

Is it possible to change password at first login in ACS 5.1 via radius?

Hi

In ACS 5.1, when defining the users, you can click on "change password on first login". So far, when the user is created this way, it is not even allowed to log in with the assigned password, and as a result it is not asked to change the password either. 

Is this possible if the protocol is RADIUS? Or is that the problem?

Thanks

4 REPLIES 4
Tiago Antunes
Cisco Employee

Hi,

Yes it is possible to change password at first login.

What kind of authentication are you attempting?

Network access or device adminstration?

What exactly is happening that leads you to write it does not work?

If you aren't even able to login, why would you say that password change does not work? If you disbale password change, are you able to login?

Maybe check the logs for those failed attempts. The reason may help you find the rrot cause.

Or share with us so we can help you.

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Hi

Thanks for answering

I say it does not work because when this option is selected, the login fails, and the ACS log displays a message saying something like " login failed. User needs to change password". (I don't have access to the system now in order to provide the exact message, sorry)

If the option is not selected, login is ok.

Sorry, I don't know the difference between the kind of authentication that you mention, or which is the purpose of each user in each machine in order to know what authentication they should use.

Thanks again

Hi,

Device admin -> the user is trying to login into a network device like switch or router.

Network access -> the user is trying to login in a PC via dot1x for example.

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Hi Tiago

Thanks a lot. Now that is clear.  In my case, it would be device admin via Radius.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube