cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2024
Views
20
Helpful
10
Replies
Ufuk 57
Beginner

message does not go away in WLC 9800 -> message: Password lifetime has not been configured for your ID.

we get a popup message after successful login to the c9800-cl web management interface and the message comes by every login..

 

that’s the message:

Password lifetime has not been configured for your ID. It is recommended to set the password expiry period. Contact your network administrator.

 

Unbenannt.PNG

 

has an idea how to get this message away?

 

I had already test the config under AAA Advanced / Password Policy / Validity to set "never expries" , I could not find any options to lifetime?!

 

Thanks!

Regards,

 

10 REPLIES 10
JoeyHoffman
Beginner

We are getting this pop up message too. It started happening after setting up TACACS+ logins. But it also shows up on the initial local admin account.

dylnmccfry
Beginner

I've done this as well and set it to a value like 1 year and no difference.
Dominic Stalder
Enthusiast

Hey guys

 

just wanted to let you know; I installed IOS-XE 16.12.1s yesterday and this version allows the option to "do not show the message again" after first login:

 

Cisco IOS-XE 16.12.1s.png¨

 

At least, you can hide the warning now :-)

 

Best regards

Dominic

Has anyone solved this problem ? On 16.2.3 it still happens

So when you hide the warning, it still shows? I get that because the username that you use to login doesn’t not have the policy defined. Try to create a new admin login with that policy define and login with that credentials and see if you get the alert.
-Scott
*** Please rate helpful posts ***

Hi Scott,

thanks for your reply. I´m doing Authentication via TACACS+  (which is working). But i also want to configure a local user in case TACACS+ or network fails. 

 

If i´m not configuring a local user i get:

Password lifetime has not been configured for your ID. It is recommended to set the password expiry period. Contact your network administrator.

 

If i have an local user configured (with the same username) and a AAA password-profile bound (lifetime 1 year)

aaa common-criteria policy TEST
min-length 18
max-length 127
numeric-count 3
upper-case 3
lower-case 3
char-changes 5
lifetime year 1

 

I`ll get:

Your password has expired. To access this application, you are required to change your password now.

 

Thanks in advance

Never use a username that also is used in Tacacs login. Your local username should be unique. Did you try to hide the message?
I still have the message on all my controllers... I didn’t hide it and I didn’t set any policies as it doesn’t really bother me.
-Scott
*** Please rate helpful posts ***

I just created a policy and applied that policy to a new test admin user and logged in with that account and didn't get the message. I'm running 17.2 by the way, also the other accounts that I don't want to expire doesn't have the policy applied still gets the message.
-Scott
*** Please rate helpful posts ***

Keep in mind that things was changed/fixed in 17.2.1 that would cause issues when upgrading or downgrading. Look at the show run and the command line for the user account. The top example (from the UI) will cause errors when you upgrade/downgrade, you will need to use the cli to edit the user account as the example show below. -username privilege 15 common-criteria-policy wlan-profile-name password 6 -username privilege 15 common-criteria-policy password 6
-Scott
*** Please rate helpful posts ***
sid john
Beginner

same happening on ISR4351 - isr4300-universalk9.16.09.06.SPA.bin

i've created user webadmin. but still this message pops up....annoying

username webadmin privilege 15 common-criteria-policy AAA secret 5 $1$2mr6$9tFQ8doSDG9MbdlRhonB21
BORDER-ISR4351#sh run | i aaa
aaa new-model
aaa local authentication default authorization default
aaa authentication login default local
aaa authentication webauth default local
aaa authorization console
aaa authorization exec default local 
aaa common-criteria policy AAA
aaa login success-track-conf-time 24
aaa session-id common
ip http authentication aaa login-authentication default
ip http authentication aaa exec-authorization default
ip http authentication aaa command-authorization 15 default
aaa common-criteria policy AAA
 min-length 6
 max-length 127
 char-changes 4
 lifetime year 40
Content for Community-Ad