Guest

Preview Tool

Cisco Bug: CSCvh86442 - Internal users with MAC-addr like username disabled due to last active timer not updated

Last Modified

Sep 27, 2019

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.3(0.902)

Description (partial)

Symptom:
When you have usernames in format of hex numbers like: a01146837d5f (random example), those will get disabled due to 'disable account policy' despite the fact that those users log in on regular basis. When such a user does AAA/Tacacs via ISE, you can see the usernames are translated to the form a0:11:46:83:7D:5f when written to the MnT tables. This causes a mismatch with the original username, so the last active time is not updated.

Conditions:
1 Usernames in hex format
2 Disable account policy configured.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.