Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1937
Views
0
Helpful
5
Replies

Q: Error Configuring Password Policy in CLI

fatalXerror
Level 5
Level 5

‎08-12-2014 09:37 PM - edited ‎03-10-2019 09:56 PM

Hi Guys,

 

Good Day!

 

I need help to disable some settings in the password policy via CLI. I always got the error message below when I tried it even though I don't have any secondary node. I'm just using one ISE 1.2 standalone.

Error Message:

% Error: Configuration changes ignored. Password policy is replicated from ISE administration node.  Please set CLI password policy using the ISE web UI on the primary administration node.

The main issue is that my GUI password always expired whenever I did not access it for a long time (approximately a month) so I tried to disabled the settings via GUI however, it is still the same. 

Thanks for the help!

 

Cheers,

 

Nikko

Labels:
0 Helpful
5 Replies 5

nspasov
Cisco Employee
Cisco Employee

‎08-15-2014 04:42 PM

In the GUI go to "Administration > Admin Access > Authentication > Password Policy Tab" There you can adjust all of the password settings that you are referring to. 

 

Thank you for rating helpful posts! 

0 Helpful

fatalXerror
Level 5
Level 5
In response to nspasov

‎08-16-2014 05:18 AM

Hi Neno,

Good Day!

Thanks for the reply however, I already adjusted it but the GUI credentials always expires when I don't logged-in for a long time.

Thanks for the help in advance.

niks

0 Helpful

Ahmad Murad
Level 1
Level 1
In response to fatalXerror

‎08-17-2014 04:07 AM

The only option you have is to remove the administrator passwords expire option from the GUI, or you can increase to the maximum limit which is 3650 days.

Once you un-check the box from the settings, then also it will be removed from the CLI configuration.

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to fatalXerror

‎08-17-2014 10:30 PM

What patch are you running on your deployment? Also:

1. Make sure your node is set to "standalone"

2. You don't see any other nodes in the deployment window

 

Thank you for rating helpful posts! 

0 Helpful

senaka_bs
Level 1
Level 1

‎06-10-2015 08:57 PM

In version 1.2.1, you cannot change the CLI password expiry from the CLI. It has to be done from the Admin GUI.

Administration -> System -> Admin Access -> Authentication -> Password Policy

Then disable /untick Suspend or Lock Account with Incorrect Login Attempts

After that you can confirm the settings via show run command in CLI.

If you have multiple ISE servers, this will apply to all of the at once.

- See more at: https://supportforums.cisco.com/discussion/11686231/how-disable-ise-cli-password-expiration#sthash.RGQLAPNj.dpuf

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents