Re: ISE 3.1 Network user will be disable after 1 day

tjdwns4111 · ‎07-24-2023

I use ISE 3.1 and there is few TACACS user. and the password lifetime is 30days.

And some users have not changed their passwords within 30 days, so they are disabled.

I changed the account to enable with the administrator account. And I changed the password of the user. However, after a day, the user is disabled again.

Is there a way to solve this problem other than deleting and re-registering users?

Arne Bier · ‎07-25-2023

Perhaps this setting is enabled? The user must change their own password, not the admin. I have not used this feature before - I will try it and see if it works (i.e. if I can reproduce this issue and then fix it by the user resetting their own password - via a TACACS+ login/password reset)

nssnas189 · ‎11-23-2023

@Arne Bier: where can I find this setting? We are running ISEVersion: 3.1.0.518 (Patch Information: 6,7)

We created Admin as local "Network Access User" for manage our Network Resources and need to implement ChangePassword Policy for this local Admins "Network Access User".

I found only this setting under "Administration>Admin Access>Authentication>Password Policy". I think this is for the ISE Admin User itself.

How or where can I set such policy for "Network Access User" Only?

Arne Bier · ‎11-26-2023

Hello @nssnas189

Administration > Identity Management > Settings > User Authentication Settings > Password Policy

hslai · ‎07-29-2023

@tjdwns4111 If the user has configured for an enable password, that also needs updated.

tjdwns4111 · ‎07-31-2023

thank u for your advice.

The enable password has never been changed. I will also change the enable password and test it.

Filip Po · ‎07-31-2023

Hello, what about this parameter? Is it set or unset in your environment?

tjdwns4111 · ‎07-31-2023

the account disable policy is not set in my enviroment.