cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

660
Views
0
Helpful
1
Replies
UKFNISNetworks
Beginner

IPS Sensors and RADIUS authentication

Does any one know what constitutes acceptable password characters on version 7.0(4)E4 of the IPS Software?

I'm in the process on testing the sensors with RADIUS authentication against ACS version 4.2. ACS backs of to

Microsoft AD for accounts and passwords.

When the password is simple i.e. Uppercase / Lowercase / Numerals the authentication works fine. However

if a user has "special" characters the authentication process does not try RADIUS but seems to fall foul

of the built in acceptable password policy.

I know I can change the password policy but this only relates to the number of characters from each type rather

than the acceptable characters.

1 REPLY 1
mikecrowe4ICS_2
Beginner

* Which special characters have you tried?

* What position in the password are you inserting the special characters?

I've run into issues before on Cisco equipment (but not necessarily IDS-IPS), where they had issues with certain special characters being used for passwords/shared secrets.  I usually try to stay away from using @, #, %, and &.  I've also seen problems with using special characters as the first or last character in a password/secret.

Other than that ...

You mention that the password has a problem with "the built in acceptable password policy", and that it's not actually attempting RADIUS authentication.  So, the user successfully configures their password via their A/D account to include special characters.  Then, when logging in to the IPS, after entering those credentials, it gives some kind of *local* error on the IPS regarding the password?

*Can you provide the error message you're seeing, either from the device logs, or the error given to the user?

I was under the impression that the built-in password policy was only used to verify passwords when they were changed or created.  If anything, that policy should not be applied at all when RADIUS authentication is enabled.  But, I could be wrong about that.

You might want to check the Bug Toolkit on CCO for any related bugs already opened.  The IPS release notes don't include open caveats for each release, only resolved ones.

Content for Community-Ad