Password Aging for Win NT

drussell
Level 1

I have some apparently conflicting requirements that I would like to confirm with the more experienced ACS folks:

1. All users will authenticate via the external Win NT database

2. The users are in two classes:

- dial up users

- LAN users

3. Password aging will be enabled in the Windows domain

4. I want to create a user group with command permissions (i.e. a monitor group that cannot change a config but can reload the box)

5. I want to have the admin people log in at a non-enabled level and enter a different password to reach the enable mode.

As far as I can tell, requirement 3 can only be done with RADIUS, and 4 and 5 require TACACS+.

3 Replies

mhoda
Level 5

Hi,

Yes, you are correct! Requirements 1 & 2 can be fulfilled by either TACACS+ or RADIUS.

Requirement 3 requires RADIUS. Here is the link:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102176.html#81785

And of course, 4 & 5 require TACACS+.

Thanks,

Mynul

I have created separate AAA clients within ACS for each NAS: one supports TACACS and one supports RADIUS so that I can authenticate the PPP connections with RADIUS and the admin logins to the NAS with TACACS. So far this seems to be working well.

Great! Thanks,

Mynul
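
The split described in the thread (PPP sessions authenticated over RADIUS, admin logins, enable and command authorization over TACACS+), sketched as NAS-side IOS AAA configuration. This is an added example, not configuration posted by any participant; the ACS address 192.0.2.10 and the key placeholders are assumptions.

```cisco
! Added example. 192.0.2.10 is a documentation address standing in for the ACS server;
! replace the key placeholders with the shared secrets set on each ACS AAA client entry.
aaa new-model
!
! The same ACS server is defined twice, once per protocol, mirroring the two
! AAA client entries (one TACACS+, one RADIUS) created in ACS for this NAS.
tacacs-server host 192.0.2.10 key <TACACS_KEY_PLACEHOLDER>
radius-server host 192.0.2.10 key <RADIUS_KEY_PLACEHOLDER>
!
! Requirement 3 (dial-up users): PPP authentication goes to RADIUS.
aaa authentication ppp default group radius
!
! Requirement 5 (admins): login lands at a non-enabled level via TACACS+,
! and the enable prompt is checked against TACACS+ as a separate password.
! "local" and "enable" are fallbacks used only if the server is unreachable.
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! Requirement 4 (monitor group): every command at levels 1 and 15 is sent to
! ACS, where the group's command authorization set permits or denies it.
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
```

Keep a console session open while applying the authorization lines, since a missing or wrong command set in ACS will deny commands immediately.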