04-04-2006 03:50 PM - edited 03-10-2019 02:31 PM
Hi,
We use TACACS on a Cisco ACS box to authenticate logins and authorize commands for our infrastructure devices. When users log into a router/switch, they are authenticated against the infrastructure team's Windows Active Directory domain username and passwords, which is an option within ACS. Windows Active Directory has passwords expire after a certain period of time for security purposes. However, you will not realize that your password has expired until you log into a Windows-based device on the domain. If someone only logs into routers and switches, they only receive an authentication failure message and nothing about their Windows passwords needing to be reset or changed when it has expired. Is there some feature or some command that can be put in place to allow Windows password expirations to be relayed via TACACS to a Cisco device so the user is aware? Taking it one step further, is there a way to reset/change the password on the Cisco device itself?
TIA,
Sundar
04-06-2006 03:17 AM
Hi
Lost count of how many customers asked for this one!
Unfortunately the CHPASS T+ request is only supported by the ACS internal database - and not external ones :(
This could (and should) be addressed. I can only advise you to speak to ACS marketing.
Darran
04-06-2006 03:38 PM
Darran,
I was able to find the information on CCO myself earlier.
Anyway, thanks for your response!!
Rgds,
Sundar