Password update - TACACS+ authentication

Sicky_358873
Nimbostratus

Hi,

I have an F5 BIG-IP i4600 (version 12) configured with remote authentication to a TACACS+ server (Cisco ACS).

The authentication works correctly.

The problem happens when the password expires: access to the F5 device is denied, without requesting a password update.

From the F5 web interface, users cannot change their password.

Is what I am trying to do possible? It's necessary that users can update their password from the web interface of the F5 device.

Thank you!

2 REPLIES

boneyard
MVP

A quick Google reveals:

https://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007e6a6.h...

To use this feature, verify that your NAS is running the TACACS+ or RADIUS protocol for password aging over dialup connections. Only password aging over interactive connection (Telnet) is supported with TACACS+.

So I would say this isn't supported; not an F5 issue, but a protocol issue.

And why is this possible and working perfectly with APM? If I remember correctly, it is fully supported there. You can also customize the password expire screens. Or does this only work with AD or LDAP AAA servers?

And why does it work when I log in, e.g., to a Cisco device?

I also agree with Sicky that this should be working.

Can you please provide further details here? For your reference, we are currently running 15.1.2.1, if this makes any difference.

Thank you!

Regards Stefan 🙂