I'm replacing an ACS 5.2 (among other patforms) with ISE 1.3. ACS has several internal users configured for device admin purposes and I need to migrate those users (whose password I don't know) to ISE.

I first tried to manually create the users in ISE with a generic password and checked "Change password on next login" for each one of them, in order to allow them to change their passwords through terminal line. However, that didn't work out... I just see a message in ISE saying "24203 User need to change password" and get an "authentication failed" message in the terminal without the prompt for password change.

Then I thought maybe I could export users from ACS and import them in ISE, but the export file from ACS does not contain users' passwords.

So, 3 questions:

- Does "change password on next login" work with RADIUS or just TACACS (I've seen it working with ACS before)?

- Is there a way to include passwords in users export file in ACS in order to import it to ISE?

- In case neither of the above options is valid, do you have any recommendation on how to manage this situation?

Thanks in advance,

Carlos Morais