Password replication to ACSes

hankiewt
Level 1

All:

I have the "Upon remote user password change, immediately propagate the change to selected replication partners" box checked on my ACS, and two ACSes are configured as partners. When users log in for the first time, they are forced to change their passwords. My problem is that the other ACSes do not receive their changed password. I can see it confirmed in the log that "Replicated User Password Change for User 'abc' to "xyz" but when the user tries to log in via the xyz ACS, he/she gets an error message. Database replication works fine. Any fixes?

1 Reply

thomas.chen
Level 6

The CiscoSecure ACS can act as a client to the token-card server. To accomplish this, the CiscoSecure ACS is set up with a secured communication link to the token-card server. This is done by either configuring a shared secret password between the two servers and defining the IP address or by installing a file created by the token-card server that contains the same information into the CiscoSecure ACS. You can use Database Replication or CSUtil.exe to update and maintain the user database.

Requests from the access device are first sent to the CiscoSecure ACS. If the username is found and has been configured to authenticate against a token-card server, the authentication request is forwarded accordingly. If the username is not found, the CiscoSecure ACS checks the database you have configured to authenticate unknown users. If the request for authentication returns a pass, then the appropriate authorizations are forwarded with the approved authentication to the access device. The CiscoSecure ACS then maintains the accounting information.