09-10-2012 12:45 PM - edited 02-21-2020 06:19 PM
Hi,
I require inputs on following points,
1). Using tacacs is it possible to assign static ips to users? what attribute is used to do so ? AFA i remember This feature is available in radius 'vpnframedipv4' attribute.
2). If using radius authentication, is it possible to get change password prompt for ACS users in case if ACS feature "Change password on next login" selected ?
Thanks,
09-10-2012 04:00 PM
Hi,
Your best method is to use radius for any vpn related authentication, tacacs is for device administration.
thanks,
Tarik Admani
*Please rate helpful posts*
09-11-2012 01:27 AM
Dear Tarik,
Thanks for reply, as per suggestion if I start using radius in that case how users will chagne their passwords ? Is UCP is the only solution in that case ?
Please suggest.
Thanks,
09-11-2012 04:28 AM
Well, I think if you are forcing the users to change the password after it times out you don't need a UCP and they will be prompted for password renewal once they try to auth. However, If you want the users to change the password even though it is not yet timed-out I think you need the UCP.
Check this: http://tiny.cc/u4xgkw
@Tarik Admani: Correct me if I am wrong.
Rating useful replies is more useful than saying "Thank you"
09-11-2012 06:30 AM
Amjad,
You read my mind, you only need UCP as a workaround for devices and protocols that do not support password change.
Masif,
You can leverage the ASA and if you are using anyconnect ssl vpn client (i am not for sure if the ipsec client can do this) but you can set the "password management" feature on the ASA vpn configuration so that the protocol switches from PAP to mschapv2 (which supports password change). The will work for users on the ACS internal DB and in AD, there were a few bugs for users on the internal db but I think they have been addressed now.
Thanks,
Tarik Admani
*Please rate helpful posts*
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide