Cisco enable password

Try this:
enable secret 0 cisco
service password encryption.
The 5 in the command above says the password that follows is an encrypted password. After the service command the passwords should get encrypted in the configuration.
vel 5 with password ‘password’
#enable secret level 5 ?
0 Specifies an UNENCRYPTED password will follow
4 Specifies an SHA256 ENCRYPTED secret will follow
5 Specifies a MD5 ENCRYPTED secret will follow
LINE The UNENCRYPTED (cleartext) ‘enable’ secret

If I type in: switch# "enable secret 5 cisco"
and I exit out of global config mode and priv exec mode and then I type in "enable" I get prompted for the password and I type in "cisco" it asks for the password again, until finaly it says "bad secrets". What did I do wrong?
However if I type in "enable password cisco" and go back into "enable" I type in the password and I can get into priv exec mode no problem.
whats the problem?
This topic first appeared in the Spiceworks Community

Similar Messages

Enable password recovery in cisco 2950 with AAA

Hello friends,
I need to reccover switch enable password, i have already configured AAA also, when i am tryig to follow below proceedure finally saying Authorization failed. how can i recover enable password,
Regards,
Haris
If I try to recover password like this description says
http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_see/configuration/guide/swtrbl.html#wp1090048
Step 1 Connect a terminal or PC with terminal-emulation software to the switch console port.
Step 2 Set the line speed on the emulation software to 9600 baud.
Step 3 Power off the switch. Reconnect the power cord to the switch and, within 15 seconds, press the Mode button while the System LED is still flashing green.
Base ethernet MAC Address: 00:0x:xx:xx:xx:xx
Xmodem file system is available.
The password-recovery mechanism is enabled.
The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
load_helper
boot
switch:
Step 4 switch: flash_init
Initializing Flash...
flashfs[0]: 600 files, 19 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32514048
flashfs[0]: Bytes used: 7713792
flashfs[0]: Bytes available: 24800256
flashfs[0]: flashfs fsck took 10 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs) installed, fsid: 3
Setting console baud rate to 9600...
Step5 switch:load_helper
Step6 switch: dir flash:
Directory of flash:/
2 -rwx 916 <date> vlan.dat
5 drwx 192 <date> c2960-lanbase-mz.122-25.SEE1
620 -rwx 5488 <date> config.text
621 -rwx 5 <date> private-config.text
24800256 bytes available (7713792 bytes used)
Step7 switch: rename flash:config.text flash:config.text.old
Step8 switch: boot
Loading "flash:c2960-lanbase-mz.122-25.SEE1/c2960-lanbase-mz.122-25.SEE1.bin"...
Initializing flashfs...
flashfs[1]: 600 files, 19 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32514048
flashfs[1]: Bytes used: 7713792
flashfs[1]: Bytes available: 24800256
flashfs[1]: flashfs fsck took 1 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.
64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:0x:xx:xx:xx:xx
Motherboard assembly number : xxxxxxxxxx
Power supply part number : xxxxxxxxxxx
Motherboard serial number : xxxxxxxxxxx
Power supply serial number : xxxxxxxxxxx
Model revision number : B0
Motherboard revision number : B0
Model number : WS-C2960G-24TC-L
System serial number : xxxxxxxxxxxx
Top Assembly Part Number : xxxxxxxxxxxx
Top Assembly Revision Number : B0
Version ID : V02
CLEI Code Number : xxxxxxxxxxxxx
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image
* 1 24 WS-C2960G-24TC-L 12.2(25)SEE1 C2960-LANBASE-M
Press RETURN to get started!
Step9 Hit <Enter>
Would you like to terminate autoinstall? [yes]: yes
Step10
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]no
Switch>
Step11 Switch> enable
Step12 Switch# rename flash:config.text.old flash:config.text
Destination filename [config.text]? <Enter>
Step13 Switch# copy flash:config.text system:running-config
Destination filename [running-config]?<Enter>
5488 bytes copied in 0.940 secs (5838 bytes/sec)
Step14 NewSwitchName#conf t
% Authorization failed.
Doesn't this procedure work any more ?

The password recovery worked, but you copied your problematic config back to the switch. Skip Step 13 and paste only the working part of the config to the switch.
You can see your renamed config with "more flash:config.text.old".

Cisco Secure ACS with UCP assistance and enable password

I am running Cisco Secure ACS version 4.2 running on a
Standalone Windows 2003 Enterprise 2003with the lastest
windows service pack and update. Secure ACS is running
fine and I can authenticate with Cisco routers and
switches. The Windows 2003 server is also running Microsoft
IIS Server. In other words, the IIS server and Cisco
Secure ACS is running on the same windows 2003 server.
I am trying to get Cisco User-Changeable password to work
with Cisco Secure ACS. I followed the release notes lines
by lines and the work around provided below:
Also server require more privileges for the internal windows user that runs CSusercgi.exe.
The name of the windows user that runs UCP is IUSR_<machine_name>.
Workaround steps:
1) Install UCP 4 on a machine that runs IIS server.
2) Open IIS manager
3) Locate Default Web Site
4) Double click on the virtual name 'securecgi-bin'
5) Right click on CSusercgi.exe and choose Properties
6) Choose 'File Security' tab
7) Choose 'Edit' in 'Authentication and access control' area
8) Change username from IUSR_<machine_name> to 'Administrator' and enter his
password (make sure that 'Integrated Windows authentication' is checked)
I still can NOT get this to work. I got this error:
It says:
The page cannot be found
The page you are looking for might have been removed,
had its name changed, or is temporarily unavailable.
HTTP Error 404 - File or directory not found.
Internet Information Services (IIS)
I modified everything in the Windows 2003 to be "ALLOWED" by
EVERYONE. In other words, there are NO security on the windows 2003.
It is still NOT working.
The other question I have is that can Cisco UCP allow user
to change his/her enable password?
Can someone help? Thanks.

Yes bastien,
Thank you.
But one thing more i want to know that in its Redundant AAA server, when i try to open IIS 6.0 window 2003; it prompts for Username and Password.
I've given it several time; also going through Administrator account with administrative credentials but it always failed.
Any suggestions/solution/?
This time many thanks in advance.
Regards
Mehdi Raza

Cisco ASA Enable Password

Hey,
I am trying to change the enable password on cisco ASA 5510. I run enable password <password>. I log off, and log back in with my username/password and type en, it asks for a password and enter the password that I just set but it does not work.
what am I missing?
Thanks

Are you using the local user database or a TACACS or RADIUS server to authenticate?
If using a TACACS or RADIUS server enter your user password when you type enable. If that doesn't work disconnect the TACACS or RADIUS server and try to enter the enable password you created.
If using the local user database, are you sure that you are entering the password correctly? Perhaps you typed it incorrectly when creating it and accidentally put a space at the begining or end?
If non of the above work then you will need to perform a password recovery:
Reboot your ASA
Press the Esc key to enter ROMON mode when prompted
Change the configuration register value to 0x41 by using the command confreg 0x41
To tell the ASA to ignor the startup configuration issue the command confreg
     Current Configuration Register: 0x00000041
     Configuration Summary:
       boot default image from Flash
       ignore system configuration
     Do you wish to change this configuration? y/n [n]: y
    5. At the prompt enter Y
    6. Accept all default values when prompted
    7. Reload the ASA by enter the command boot
    8. When prompted enter enable and leave the password blank
    9. Issue the command copy start run
10. Enter configuration mode configure terminal
11. Enter the command no config-register (the value is returned to its default value of 0x1)
12. Save your configuration copy run start
Please remember to rate and select a correct answer

Cisco router 3800 hub .. enable password not configure

Dear All,
Please Help me what i do ?
When i m configured enable password by command Router(config)#enable password xyz
Then password is not set the same is in secret password
pls tell the problem and what the solution for that.

Hi,
Not sure if I understand your question. If you assigned a password using "enable password xyz"
You can see the password if you issue "sh run" you can than change the password to whatever you want.
Maybe you can clarify what you are trying to do
HTH

Why do my firewalls only use the domain username and password for login and enable passwords, not a different enable password like my switches do? The RADIUS config looks the same...

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Issue:
Cisco firewalls require only one level of password i.e. the domain username and password are used for both logging in as well as reaching global configuration mode.
Background:
We have multiple Cisco network devices set up which authenticate to our Windows domain controller using NPS (Windows 2008 R2). The switches we have set up all function exactly as we would hope as they require your domain username and password to login to the device. They then require a separate password when you use the enable command, this is stored in Active Directory:
Switches:
Username:domain-username
Password:domain-password
SWITCH>enable
Password:enable-password-in-Active-Directory
SWITCH#
Firewalls (as they currently are):
Username:domain-username
Password:domain-password
FIREWALL>enable
Password:domain-password
FIREWALL #
With the firewalls however, they require your domain username and password first, and then your domain password again when using the enable command. I want the firewalls to use the enable level password that the switches currently use instead of the domain password again. The current configuration look like the following:
Current switch configuration:
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius enable
aaa authorization exec default group radius local
aaa session-id common
radius-server host 192.168.0.1 auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server key 7 1234abcd
Current firewall configuration:
aaa-server DC01 protocol radius
aaa-server DC01 (outside) host 192.168.0.1
aaa authentication ssh console DC01 LOCAL
aaa authentication enable console DC01 LOCAL
key 1234abcd
Any help would be great, thanks!

Cisco ASA works that way by design. You could remove "aaa authentication enable" and then you could use the "enable password" command to set your enable password.
But if you do that, then ASA would change your username to "enable_15". That would break Authorization and Accounting if you're using them. Let me clarify with an example
Firewalls :
Username:domain-username
Password:domain-password
FIREWALL>show curpriv
Username : domain-username
Current privilege level : 1
Current Mode/s : P_UNPR
FIREWALL>enable
Password:enable-password-from-running-config
FIREWALL #show curpriv
Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV
If you're using Authorization and Accounting it's recommended to stick with your current behavior.

ACS 5.3 userbased/custom enable passwords

Hello,
I've installed Cisco ACS 5.3. After I created several internal users (defined password and enabled password), Identiy Groups, Access Polices, Network Devices and AAA Clients (e.g. Cisco 1841) for Radius and configured my Router like this:
aaa authentication login VTY group radius local-case
aaa authentication enable default group radius enable
Now I'm able to login successful using my internal User. But if I try to use enable to enter the enable level I'll receive the message "% Error in authentication." when I use the defined enable password.
In the ACS logging I'll can see that "$enab15$" is missing.
If I setup a user name "$enab15" I can login to enable level, but what have I to do, to use the custom enable passwords?
Kind regards
Kai
=== Correct answer ===
Hello,
please see the attachment.
Step 1.2 - 1.5 is requiered for both (Radius and Tacacs). Then you have to switch to 2.1-2.7 for Radius or 3.1 - 3.7 for Tacacs authentication.
The document shows you all steps you have to take. The box on the right side shows to you in the headline "Requiered for".This should help you the find out why this is configured and where you will need in future steps. or "Provided by" should tell you where you have configured it.
But I'm sure, you will make it.
I've testet it with the following hardware:
Cisco Router:
600 ,800 ,1800 ,1900 ,2600 ,2800 ,2900, 3900, 4000, 7200 ,7300 Series
Cisco Switches:
2900, 2950, 2960, 3550, 3560, 3750, 4500, 6500, Nexus 5500 Series
Cisco Unified Communicaton:
Call Manager Express, UC560
Hewlett-Packard Switches:
1700, 1800, 2500, 2600, 3500, 5400, 8100 (out of sale) Series
Yes, working in a datacenter is fine for testing

Hi Kai,
can you share the configurations for TACACS?
Thanks

TACACS enable password is not working after completing ACS & MS AD integration

Enable password for (Router, Switches) is working fine if identify source is "Internal Users", unfortunately after completed the integration between ACS to MS AD, and change the Identity source to "AD1" I got the following result
1. able to access network device (cisco switch) using MS AD username and password via SSH/Telnet.
2. Enable password is not working (using the same user password configured in MS AD.
3. When I revert back and change the ACS identity source from "AD1" to "Internal Users" enable password is working fine.
Switch Tacacs Configuration
aaa new-model
aaa authentication login default none
aaa authentication login ACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec ACS group tacacs+ local
aaa authorization commands 15 ACS group tacacs+ local
aaa accounting exec ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+
aaa authorization console
aaa session-id common
tacacs-server host 10.X.Y.11
tacacs-server timeout 20
tacacs-server directed-request
tacacs-server key gacakey
line vty 0 4
session-timeout 5
access-class 5 in
exec-timeout 5 0
login authentication ACS
authorization commands 15 ACS
authorization exec ACS
accounting commands 15 ACS
accounting exec ACS
logging synchronous
This is my first ACS - AD integration experience, hoping to fix this issue with your support, thanks in advance.
Regards,

Hi Edward,
I created a new shell profiles named "root" as the default one "Permit Access" can't be access or modified, underneath the steps I've made.
1. Create a new shell profile name "root" with max privilege of 15. And then used it in "Default Device Admin/Authorization/Rule-1" shell profile - see attached file for more details.
2. Telnet the Switch and then Issue "debug aaa authentication" using both "Root Shell" and "Permit Access" applied in Rule-1 profile.
Note:
I also attached here the captured screen and debug result for the "shell profiles"

Resetting PIX 515E 'enable' password and/or Factory Reset

                   We have a PIX Firewall where the last user of the device had not changed the 'enable' password and username so we are locked out of the device. I did some research and found a password reset tool that was supposed to clear the 'enable' password on the device. I set up a TFTP with the 'np61.bin' file needed. I went into 'monitor>' mode, set the interface, address and server address and it pings with success. I pointed it at the file and sent the 'tftp' command. I saw it downloading and booting off the binary file and after letting it go for a little bit (I walked away for a little while and came back to my telnet prompt) I noticed it was stuck in a loop:
No bootable image in flash. Please download an image from a network server in the monitor mode
Failed to find an image to boot
Rebooting......
                    I downloaded a copy of the latest firmware, 'pix804-28.bin', and repeated the process used for the password reset file. After loading, I am greeted with my familiar prompt:
XXXX-XXX-Xx-Xx0-XX>
XXXX-XXX-Xx-Xx0-XX>enable
Username: pix
Password: pix
Username: pix
Password:
Username: cisco
Password: cisco
Access denied.
XXXX-XXX-Xx-Xx0-XX>
                    I then did a hard reset, and was stuck back in the loop I was in before, asking me to reflash a boot image. I now need to somehow load the IOS back onto the router (As it seems to just be booting from the TFTP server), and then after that still remove the enable password or somehow default the entire firewall to Factory Defaults. If anyone knows how to solve my issue or has any ideas for me to try, you help would be greatly appreciated, thanks!

Still having trouble with this, has no one encountered this problem before?

Tacac+ logins asking for enable password

Hi,
7609 with the following IOS version.
Cisco IOS Software, c7600s72033_rp Software (c7600s72033_rp-ADVIPSERVICES-M), Version 15.2(4)S4a, RELEASE SOFTWARE (fc1)
Tacacs+ users can successfully login via telnet but its asking for the enable password to go to privilege mode. I have tried everything I could but it keeps asking for the enable password. How do I get rid of the enable password for the tacacs+ users? The following is the current relevant config.
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa group server tacacs+ TAC_PLUS
server name AUTH
aaa authentication login default group TAC_PLUS local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
tacacs server AUTH
address ipv4 xx.xx.xx.xx
key 7 xxxxxxxxxxxxxxxxxxxxx
line con 0
line vty 0 4
session-timeout 15
access-class 10 in
exec-timeout 120 0
timeout login response 15
transport input telnet
ip telnet source-interface Loopback1
ip tacacs source-interface Loopback1

Hi,
I did not have aaa authentication and tacacs debugging enabled. I have enabled them all and this is what it shows when tacacs+ works but have to type the enable password.
Nov 18 07:39:35: AAA/AUTHEN/LOGIN (00000000): Pick method list 'default'
Nov 18 07:39:35: TPLUS: Queuing AAA Authentication request 0 for processing
Nov 18 07:39:35: TPLUS: processing authentication start request id 0
Nov 18 07:39:35: TPLUS: Authentication start packet created for 0()
Nov 18 07:39:35: TPLUS: Using server xx.xxx.xxx.xxx
Nov 18 07:39:35: TPLUS(00000000)/0/NB_WAIT/56CA2684: Started 5 sec timeout
Nov 18 07:39:35: TPLUS(00000000)/0/NB_WAIT: socket event 2
Nov 18 07:39:35: TPLUS(00000000)/0/NB_WAIT: wrote entire 20 bytes request
Nov 18 07:39:35: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:35: TPLUS(00000000)/0/READ: Would block while reading
Nov 18 07:39:35: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:35: TPLUS(00000000)/0/READ: read entire 12 header bytes (expect 43 bytes data)
Nov 18 07:39:35: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:35: TPLUS(00000000)/0/READ: read entire 55 bytes response
Nov 18 07:39:35: TPLUS(00000000)/0/56CA2684: Processing the reply packet
Nov 18 07:39:35: TPLUS: Received authen response status GET_USER (7)
Nov 18 07:39:37: TPLUS: Queuing AAA Authentication request 0 for processing
Nov 18 07:39:37: TPLUS: processing authentication continue request id 0
Nov 18 07:39:37: TPLUS: Authentication continue packet generated for 0
Nov 18 07:39:37: TPLUS(00000000)/0/WRITE/4752E370: Started 5 sec timeout
Nov 18 07:39:37: TPLUS(00000000)/0/WRITE: wrote entire 24 bytes request
Nov 18 07:39:37: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:37: TPLUS(00000000)/0/READ: read entire 12 header bytes (expect 16 bytes data)
Nov 18 07:39:37: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:37: TPLUS(00000000)/0/READ: read entire 28 bytes response
Nov 18 07:39:37: TPLUS(00000000)/0/4752E370: Processing the reply packet
Nov 18 07:39:37: TPLUS: Received authen response status GET_PASSWORD (8)
Nov 18 07:39:41: TPLUS: Queuing AAA Authentication request 0 for processing
Nov 18 07:39:41: TPLUS: processing authentication continue request id 0
Nov 18 07:39:41: TPLUS: Authentication continue packet generated for 0
Nov 18 07:39:41: TPLUS(00000000)/0/WRITE/55F31F34: Started 5 sec timeout
Nov 18 07:39:41: TPLUS(00000000)/0/WRITE: wrote entire 27 bytes request
Nov 18 07:39:41: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:41: TPLUS(00000000)/0/READ: read entire 12 header bytes (expect 6 bytes data)
Nov 18 07:39:41: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:41: TPLUS(00000000)/0/READ: read entire 18 bytes response
Nov 18 07:39:41: TPLUS(00000000)/0/55F31F34: Processing the reply packet
Nov 18 07:39:41: TPLUS: Received authen response status PASS (2)
Nov 18 07:39:41: AAA/AUTHOR (00000000): Method list id=0 not configured. Skip author
Nov 18 07:39:42: AAA/AUTHOR: auth_need : user= 'user1' ruser= 'r17609'rem_addr= 'xxx.xxx.xxx.xxx' priv= 0 list= '' AUTHOR-TYPE= 'commands'
Nov 18 07:39:42: AAA: parse name=tty1 idb type=-1 tty=-1
Nov 18 07:39:42: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0
Nov 18 07:39:42: AAA/MEMORY: create_user (0x776722A4) user='user1' ruser='NULL' ds0=0 port='tty1' rem_addr='xxx.xxx.xxx.xxx' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Nov 18 07:39:42: AAA/AUTHEN/START (2568611223): port='tty1' list='' action=LOGIN service=ENABLE
Nov 18 07:39:42: AAA/AUTHEN/START (2568611223): non-console enable - default to enable password
Nov 18 07:39:42: AAA/AUTHEN/START (2568611223): Method=ENABLE
Nov 18 07:39:42: AAA/AUTHEN (2568611223): status = GETPASS
Nov 18 07:39:48: AAA/AUTHEN/CONT (2568611223): continue_login (user='(undef)')
Nov 18 07:39:48: AAA/AUTHEN (2568611223): status = GETPASS
Nov 18 07:39:48: AAA/AUTHEN/CONT (2568611223): Method=ENABLE
Nov 18 07:39:48: AAA/AUTHEN (2568611223): status = PASS
Nov 18 07:39:48: AAA/MEMORY: free_user (0x776722A4) user='NULL' ruser='NULL' port='tty1' rem_addr='xxx.xxx.xxx.xxx' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

Ap 1252/Enable password after upgrade to LWAPP

Hi i converted a 1252 to LWAPP with the upgrade tool, but when the ap restarted with the ligthweigh image the access point does not accept the default enable password "Cisco", before upgrade to lightweigh image the enable password was "Cisco" too, now i can not configure the ip address of the controller.
Thanks.

If The ap's havent joined the wlc yet you can enter these commands:
AP#lwapp ap ip address
AP#lwapp ap ip default-gateway
AP#lwapp ap controller ip address
AP#lwapp ap hostname
(optional)
Here is a link:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml

ASA5510 Enable password not working

Hi all,
I have a problem with an ASA5510 (8.0.4) firewall in South Africa (I'm in the UK).
It's a replacement firewall that I am trying to configure remotely through a serial device with an internet facing connection, but the enable password is not working.
I can connect to the device OK, type 'en' and when propted for the password whatever I use (blank, cisco, Cisco etc.) I get an 'invalid password' message.
Does anyone know how I can recover this remotely, if that is possbile?
Thanks
Alex

Hi,
Thanks for your reply.
Unfortunately, I have not configured aaa authentication - this is a replacement box with no config on it yet.
Is there anything else I can try?
Many thanks
Alex

Cisco 881 password

Hi All,
I set up enable password as well as telnet password on cisco 881-k9.
with the same password :kadd2013
no username confugured
when i saved the config , i was unable to login again using the same password i configured

Did it just ask for password? Could have you gotten white space in the password? Try to enter the password with a space after it. Either that or a typo. Did you have caps lock enabled?
Daniel Dib
CCIE #37149
Please rate helpful posts.

Accounts getting disabled after enabling password expiration on BOXI R2 SP2

Hi All,
We have a strange issue with our production environment.After enabling password expiration on the enterprise some accounts got disabled,on further investigation I found that these users were either trying to log on to Designer or 2 tier Deski.
I made them login through the Infoview to fix the issue.These users were Universe deginer or report writers.
Any Suggestions

Hi Tim,
These accounts are Enterprise accounts,according to the users they were not given a chance and they never got any prompt for the password change it was disabled directly at the first login.
These people were trying to logon using the Desginer or 2 Tier DESKI login and they are the members of the Administrtor Group also.
Is it important to logon to infoview or 3 tier DESKI to change your password?
I have no answer to give them why there accounts were disabled.
Please suggest
Thanks,
Arun

Radius authentication for the enable password

Dear Sir
I have an ACS and I have many switches in the network. I used to secure the telnet and
enable access to these switches with tacacas+ authentication protocol. so the username and
password is taken form the ACS internal database. Also the enable password is taken from
the ACS. Today we changed the tacacas+ to Radius because we use the 802.1x framework on
the wired network. Dot1x authentication worked fine and when you try to telnet to the
switch the username and password is taken but the enable password isnot taken from the
ACS. When I check the configuration on the ACS under the user page I found a checkmark to
use the enable password as the PAP password of the user but this is only under tacacs+
settings how can I make this for Radius This is my question. Please answer me asap. It is
urgent.
Thanks,

Dear iqambhir
Thank you very much for your help.
I already did that but this makes the enable pasword shared with all users and we don't want that.
I want the enable password to be taken as the PAP password of the user who tries to login but I didn't find that with radius. This option is there with tacacas+.
I want to know why the router or the switch sends that user " $enab15$ ". Is this bug on the system?
Pleae, If there is any other way to authenticate the enable password with the radius submit it.
Thanks alot,

Cisco enable password

Similar Messages

Maybe you are looking for