Guest

Cisco Secure Access Control Server for Windows

Setting Up the User-Changeable Password Utility in Cisco Secure ACS for Windows

Cisco - Setting Up the User-Changeable Password Utility in Cisco Secure ACS for Windows

Document ID: 13869

Updated: Aug 04, 2006

   Print

Introduction

This document demonstrates how to configure the Cisco Secure Access Control Server (ACS) for Windows 2.6 (ACS) User-Changeable Password (UCP) utility with Internet Information Server (IIS) on Microsoft Windows 2000 and Microsoft Windows NT. These directions also work in versions subsequent to 2.6 and have also been tested with Cisco Secure ACS for Windows 3.2. The UCP utility that comes with ACS allows users to change their own passwords in the Cisco Secure database with an HTTP interface once connected to the network. ACS has been previously installed. The examples demonstrate how to install UCP, configure the IIS server, check and change directory permissions, and then test the installation. The screen captures were done on Windows 2000. Windows appear slightly different on Windows NT, and differences are noted.

UCP software normally comes on the Cisco Secure CD in the User Changeable Password directory. Registered users can also get the most current build of the software from the Cisco Secure ACS Downloads (registered customers only) .

Prerequisites

Components Used

The information in this document is based on these software and hardware versions:

  • Microsoft Windows 2000 Server Internet Information Server

  • Microsoft Internet Information Server 4.0

  • Cisco Secure ACS for Windows 2.6 User-Changeable Password (This has also been tested with Cisco Secure ACS for Windows 3.2.)

The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Install UCP

Complete these steps:

  1. The UCP code is located in the User Changeable Password directory on CD. Run setup in order to install UCP.

  2. After the initial check box window, choose the default directory for the HTML pages:

    ucp-01.gif

  3. Choose the default directory for the CGI script:

    ucp-02.gif

  4. Enter the default virtual directory HTML path:

    ucp-03.gif

  5. Enter the default virtual directory CGI path:

    ucp-04.gif

  6. Accept the default IP address for the ACS installation. For example, put UCP on the same box as ACS:

    ucp-05.gif

  7. Once the UCP install is finished, configure the IIS server.

Configure the IIS Server

Windows NT

Complete these steps:

  1. Choose Programs > Windows NT 4.0 Option Pack > Microsoft Internet Information Server > Internet Service Manager (ISM).

  2. Expand the server in order to see the Default Web Site, and right-click Default Web Site .

    Choose New > Virtual Directory. The Virtual Creation Directory wizard is displayed. Continue the Windows 2000 steps and start with step 3.

Windows 2000

Complete these steps:

  1. Choose Programs > Administrative Tools > Configure Your Server.

    Click the plus sign in order to expand Web-Media Server. Click Web Server.

  2. In the right pane, click Internet Information Services.

    Click the plus sign in order to expand your server. Right-click Default Web Site and choose New > Virtual Directory:

    ucp-06.gif

  3. Enter a name for the Virtual Directory for the HTML pages. The example directory is called secure:

    ucp-07.gif

  4. Specify the default path you previously chose for the HTML pages:

    ucp-08.gif

  5. Set the Access Permissions on the virtual directory:

    ucp-09.gif

  6. Create another virtual directory for the CGI script. This example is called securecgi-bin:

    ucp-10.gif

  7. Specify the default path you previously chose for the CGI script:

    ucp-11.gif

  8. Set the Access Permissions on the virtual directory:

    ucp-12.gif

  9. Right-click Default Web Site for ISM and choose Properties.

    Go to the Home Directory tab and enter C:\inetpub\wwwroot\secure\ for the Local Path:

    ucp-13.gif

  10. Go to the Documents tab and check Enable Default Document in order to and add login.htm.

    Use the arrow button in order to move login.htm to the top:

    ucp-14.gif

Configure Directory Permissions

Permissions for Everyone

Windows NT

The default permissions at installation do not need to be changed. You can skip this step.

Windows 2000

Complete these steps:

  1. After the completion of the IIS changes, choose My Computer > C:\InetPub\wwwroot\secure.

  2. Right-click and choose Properties > Security.

  3. Click Everyone and check Allow for Write in the Permissions area:

    ucp-15.gif

Permissions for Administrators

Windows NT

The default permissions at installation do not need to be changed. You can skip this step.

Windows 2000

Complete these steps:

  1. Choose My Computer > C:\InetPub\wwwroot\securecgi-bin.

  2. Right-click and choose Properties > Security.

  3. Click Administrators and verify that Allow is checked for Read and Read & Execute in the Permissions area:

    ucp-16.gif

Test UCP

Complete these steps:

  1. Open a browser on the local machine and point to http://your_ip_address .

  2. Enter the ACS username/password for a known working user, someone who is able to authenticate to a device that uses the ACS database:

    ucp-17.gif

  3. Enter old and new passwords for the user:

    ucp-18.gif

  4. You receive the Password Changed Successfully message:

    ucp-19.gif

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

Updated: Aug 04, 2006
Document ID: 13869