Security

Hi,

I use clearpass to provide  TACACS authentication  for our Aruba switches, mobility controllers and  Airwave.

Auths are against local users defined in clearpass  and i then assign the appropriate  access level  for individual users in a role mapping file.

1). I've never managed to  get the "Check to force change password on next TACACS+ login" to work for  Aruba switches ... is it supposed to ( cppm 6.10.3)  switch WC.16.10.18) 

2). If youre using clearpass to manage  TACACS accounts
a) there doesnt seem to be a way of setting password expiries 
b).there doesnt seem to be a way of  forcing password formats

Would you use guest accounts instead of local user accounts for this.


Rgds
A

------------------------------
Alex Sharaz
------------------------------

I found this on an ISE post and it worked

ssh to the network device and enter the username. When prompted for the password, press Enter (do NOT enter the current password).

ssh testuser@labgw1

(testuser@labgw1) Password:   <<<<<<<<<<<<<<<<<<Just hit ENTER
(testuser@8labgw1) (Change Password) Current password:

Original Message:
Sent: Mar 14, 2022 06:01 AM
From: alexs-nd
Subject: TACACS password changes

Hi,

I use clearpass to provide  TACACS authentication  for our Aruba switches, mobility controllers and  Airwave.

Auths are against local users defined in clearpass  and i then assign the appropriate  access level  for individual users in a role mapping file.

1). I've never managed to  get the "Check to force change password on next TACACS+ login" to work for  Aruba switches ... is it supposed to ( cppm 6.10.3)  switch WC.16.10.18) 

2). If youre using clearpass to manage  TACACS accounts
a) there doesnt seem to be a way of setting password expiries 
b).there doesnt seem to be a way of  forcing password formats

Would you use guest accounts instead of local user accounts for this.


Rgds
A

------------------------------
Alex Sharaz
------------------------------