We're using CS ACS 3.3. We've been asked to change all of the TACACS+ keys for all of our switches (approximately 900+ devices).
We can use CiscoWorks to change the keys on all of the devices, but is there any way to mass-change the TACACS+ key in the ACS for our devices? We're using Network Device Groups, but best I can see, it's not possible to add a AAA client and define certain characteristics in a generic group profile that gets inherited by all configured devices (such as a universal TACACS+ key for all devices in the group).
Using the RDBMS Sync feature you can add/delete/edit NAS configs via ODBC. Initialliy it might be a pain to create the transaction file (although you might be able to script something). But having donr it once you'd be able to re-key all the devices instantly next time - so long as the list of devices was kept up-to-date.
I saw the previous post about using RDBMS sync and I'm looking into that.
Best that I can tell, we don't have any properties that are inherited by the entire group. I haven't been able to find a way to look at any properties for the NDG. Is it possible to change the inherited key after the group has been created?