Solved: Re: ISE Network Access User password change

steve.berglund · ‎05-31-2018

Hi all

Client is wondering, and I'm looking for a way, to allow network access users to change their own passwords on their internal ISE network access user accounts. Specifically the enable password for use with TACACS. They're running ISE 2.2 currently.

Anyone have any ideas on how that might be accomplished, if possible at all with ISE alone, or some kind of API scripting?

hslai · ‎05-31-2018

Please hit <enter> while prompted for the password and then it should prompt for the old and then the new passwords. Also, in order for this to work, please configure the authentication policy rule to use the ID store directly instead of an ID source sequence with multiple sources, because the feature uses only the first ID source.

View solution in original post

steve.berglund · ‎05-31-2018

I don't see where to edit the OP, but this is coming up due to some ASA they're running that are pre-9.1.5 / auto-enable.

hslai · ‎05-31-2018

Please hit <enter> while prompted for the password and then it should prompt for the old and then the new passwords. Also, in order for this to work, please configure the authentication policy rule to use the ID store directly instead of an ID source sequence with multiple sources, because the feature uses only the first ID source.

steve.berglund · ‎06-04-2018

Thanks for the response, hslai. Where/what screen am I pressing enter on to change the password? Is this in ISE CLI or on a network device?

hslai · ‎06-04-2018

On the NAD CLI. Below shows it with a CSR1000v SSH session:

CSR1Kv>en

Password: <-- Hit Enter here

Enter Old Password: <-- Put the existing enable password

Enter New Password: <-- Put the new password

Enter New Password Confirmation: <-- Repeat the new password

CSR1Kv#

steve.berglund · ‎06-04-2018

That's great, thanks for the screen shot. Going to give it a try.

Thanks again

steve.berglund · ‎06-04-2018

Got word back from my client already, it worked as expected.