An AAA Local User Cannot Be Created Due to Incorrect Password Setting
Possible Causes
- The length of the user password does not meet requirements.
- The complexity of the user password does not meet requirements.
- The password contains forbidden words.
Procedure
- Handle the problem according to the error message.
Error Message: Error: The password length must range from 8 to 128.
NOTE: The password length range of 8 to 128 is an example. The actual password length depends on the configuration on the device.
Possible Cause and Verification: The minimum password length is configured on the device or the security policy function is enabled on the device for local accounts. The password length does not reach the minimum length.
Run the display this command in the AAA view to verify the following items:
- If the local-user policy password min-len command has been executed, the device is configured to limit the minimum length of passwords.
- If the undo local-user policy security-enhance command has not been executed, the security policy function is enabled on the device for local accounts. The password must contain at least eight characters.
Solution: When you create a local user, the password must not be shorter than the minimum password length configured on the device.

Error Message: Error: New password must contain at least one capital letter, one symbol and one number.
Possible Cause and Verification: The complexity check is enabled for local user passwords. The configured password does not contain digits, upper-case letters, or special characters (excluding spaces and question marks). The password can contain spaces if it is put within double quotation marks ("").
Run the display this command in the AAA view to check whether the local-user policy password complexity-enhance command has been executed.
Solution: The password of a local user must contain one or more digits, upper-case letters, and special characters with the exception of spaces and question marks (?). The password can contain spaces if it is put within double quotation marks ("").

Error Message: Error: Password is too simple, it should include capital, lowercase, number and special character.
Possible Cause and Verification: The security policy function is enabled on the device for local accounts. The configured password does not contain digits, upper-case letters, lower-case letters, or special characters (excluding spaces and question marks). The password can contain spaces if it is put within double quotation marks ("").
Run the display this command in the AAA view to check whether the undo local-user policy security-enhance command has been executed.
Solution: The password of a local user must contain one or more digits, upper-case letters, lower-case letters, and special characters with the exception of spaces and question marks (?). The password can contain spaces if it is put within double quotation marks ("").

Error Message: Error: Admin device's new password should not include the username or username revert.
NOTE: The user name device is an example. The actual user name depends on the configuration on the device.
Possible Cause and Verification: The security policy function is enabled on the device for local accounts, and the configured password contains the user name or the user name in inverse order.
Run the display this command in the AAA view to check whether the undo local-user policy security-enhance command has been executed.
Solution: The password of a local user cannot contain the user name or the user name in inverse order.

Error Message: Error: The password is too simple, it should not contain forbidden words.
Possible Cause and Verification: Forbidden words are configured on the device for passwords, and the configured password contains one or more forbidden words.
Run the display this command in the password security view to check whether the forbidden word command has been executed.
Solution: The password of a local user cannot contain any forbidden word.

If both the security policy function and minimum password length are configured on the device, the stricter condition is used.
For security purposes, you are advised not to cancel the preceding security configurations.
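
The rules above can be checked before a password is pushed to a device, for example in a provisioning script. The following Python sketch is an added example, not vendor code: the Policy class, the check_password function, and the returned labels are hypothetical, and it assumes case-insensitive matching for user names and forbidden words and treats ASCII punctuation other than the question mark as special characters.

```python
import string
from dataclasses import dataclass

# Special characters counted by this sketch: ASCII punctuation minus '?'.
# Spaces are not counted either (assumption drawn from the page's wording).
SPECIAL = set(string.punctuation) - {"?"}

@dataclass
class Policy:                         # hypothetical model of the settings named on the page
    min_len: int = 8                  # local-user policy password min-len (example value)
    max_len: int = 128                # upper bound taken from the example error message
    security_enhance: bool = True     # on unless "undo local-user policy security-enhance" was run
    complexity_enhance: bool = False  # local-user policy password complexity-enhance
    forbidden_words: tuple = ()       # words set in the password security view

def check_password(user: str, pw: str, p: Policy) -> list[str]:
    """Return labels for the policy rules the candidate password would violate."""
    problems = []
    # The stricter length rule applies: the security policy requires at least 8.
    floor = max(p.min_len, 8) if p.security_enhance else p.min_len
    if not floor <= len(pw) <= p.max_len:
        problems.append("length")
    has_upper = any(c.isupper() for c in pw)
    has_lower = any(c.islower() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_special = any(c in SPECIAL for c in pw)
    if p.security_enhance:
        if not (has_upper and has_lower and has_digit and has_special):
            problems.append("too-simple")
        # Case-insensitive comparison is an assumption of this sketch.
        low, name = pw.lower(), user.lower()
        if name and (name in low or name[::-1] in low):
            problems.append("contains-username")
    elif p.complexity_enhance and not (has_upper and has_digit and has_special):
        problems.append("complexity")
    if any(w and w.lower() in pw.lower() for w in p.forbidden_words):
        problems.append("forbidden-word")
    return problems
```

An empty list means the candidate passes every rule modeled here; the device remains the authority on what it accepts.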