02-24-2011 11:11 PM - edited 03-10-2019 05:51 PM
Hi Guys
I am struggling with migrating from ACS 4.2 to ACS 5.2.
In our 4.2 platform we have a lot of users defined, used for authenticating EasyVPN boxes.
However, when I am migrating those "users" to ACS 5.2 I no longer have the option of setting that their password shouldn't expire.
In the release notes of ACS 5.2 I have read that they have included the option, but I can't seem to find it.
Should I build the field myself in dictionaries?
Best regards
Jimmi Hvidtfeldt
03-15-2011 08:17 AM
Some more background here (I think this data is captured in the release notes)
The capability is available in patch 5.2.0.26.2 and onwards
This capability uses a predefined internal user attribute to indicate whether the password for a user expires
The administrator can define a reserved name boolean attribute in order to configure for specific users to never expire their password.
Note, this attribute can be used to override only the "Expire the password" option and not the "Disable user account" in the users authentication global settings.
For enabling this feature:
1) Set the "Users Authentication Settings" to be "expire the password"
2) In System Administration > Configuration > Dictionaries > Identity > Internal Users, add a Boolean attribute called ACS-RESERVED‐Never‐Expired and set its default value to "false".
3) Set this attribute to true for users whose passwords will never expire
02-25-2011 11:46 AM
Sir:
Under System Administration > Users > Authentication Settings > Advanced, uncheck the password lifetime settings. As far as doing this on an individual basis, I have not seen a method either, nor have I experimented with the dictionary. I will however look into it, as you have me curious.
02-25-2011 11:05 PM
Hey
Thanks for your reply.
I know that I can disable password aging, but that would also mean that my network administrators are not required to change their TACACS login.
And I would very much like that to happen.
Also, we have some external partners connecting via VPN, which are defined in ACS instead of AD.
When I look at the patch levels for ACS 5.2 I see the following.

| Bug ID | Description |
|---|---|
| CSCtk32178 | Add an option for pass never expired for specific users. |

However, I cannot find documentation anywhere on how to actually accomplish it.
Any help is appreciated.
Thanks for looking into it.
03-16-2011 05:03 AM
That's great, thanks.
Just what I needed.
05-15-2014 06:28 AM
For anyone using this (correct) solution. Do take heed and type in the Boolean string name manually.
-> I have spent 3 days looking for inconsistencies etc. then it came to light the above string has incorrect dashes:
'ACS-RESERVED‐Never‐Expired' -> '‐'
as opposed to required
'ACS-RESERVED-Never-Expired' ->'-'
Regards
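The dash mix-up described in the post above can be checked before the name is entered in the dictionary. This is an added example, not part of the original thread or of Cisco's tooling; the function names are hypothetical and the pasted string is a constructed sample.

```python
import unicodedata

# Attribute name as it must be typed: every dash is ASCII hyphen-minus (U+002D).
EXPECTED = "ACS-RESERVED-Never-Expired"


def dash_lookalikes(text):
    """List (index, code point, Unicode name) for each dash-like char that is not U+002D."""
    found = []
    for i, ch in enumerate(text):
        # Category Pd holds hyphens and dashes; MINUS SIGN (U+2212) is category Sm.
        if ch != "-" and (unicodedata.category(ch) == "Pd" or ch == "\u2212"):
            found.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN")))
    return found


def normalize_dashes(text):
    """Replace every dash lookalike with ASCII hyphen-minus."""
    bad = {i for i, _, _ in dash_lookalikes(text)}
    return "".join("-" if i in bad else ch for i, ch in enumerate(text))


def check_attribute_name(candidate, expected=EXPECTED):
    """Report whether a pasted name matches, and whether dashes are the only difference."""
    return {
        "exact_match": candidate == expected,
        "lookalikes": dash_lookalikes(candidate),
        "matches_after_normalizing": normalize_dashes(candidate) == expected,
    }


if __name__ == "__main__":
    # Constructed sample: the name as copied from a rendered page with U+2010 hyphens.
    pasted = "ACS-RESERVED\u2010Never\u2010Expired"
    report = check_attribute_name(pasted)
    print("exact match:", report["exact_match"])
    for index, codepoint, name in report["lookalikes"]:
        print(f"  position {index}: {codepoint} {name}")
    print("corrected name:", normalize_dashes(pasted))
```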