cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2825
Views
1
Helpful
3
Replies

ISE 2.2 TACACS Password Expiry

kilravock
Level 1
Level 1

Hi Folks

We recently added a Device Admin license to our ISE 2.2 (ver 2.2.0.470 patches 1 & 2 installed) deployment and created internal users and a net_admin group to administer our network devices.  For now (and I'm aware of the security risks) we don't want the passwords to expire so under Administration, Identity Management, Settings, User Authentication Settings, Password Policy have unchecked

Disable user account after days if password was not changed

and

Lock/Suspend Account with Incorrect Login Attempts


and unchecked all Disable Accounts options under Administration, Identity Management, Settings, User Authentication Settings, Account Disable Policy

However we are now being warned whenever we log in to a network devices that our passwords are due to expire. 

Is there something else I need to configure to stop the passwords from expiring?

TIA

1 Accepted Solution

Accepted Solutions

CSCvf30591 is probably what you are seeing.

View solution in original post

3 Replies 3

ognyan.totev
Level 5
Level 5

Hi , we have same issue in our deployment . As you configured we did the same .But i show you our configuration now and will solve your problem.

I think this is bug , because when we remove tick from disable account after the problem with expire still exist.

Just put the tick and increase the time to 3650 days .

CSCvf30591 is probably what you are seeing.

Had raised a TAC case and they have confirmed the bug, and that it is cosmetic - accounts don't actually expire.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: