Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Account locked with fewer attempts as configured in the backup authetication server

SOLVED
Go to solution
guapista_
Occasional Contributor
‎05-19-2014 03:10:AM
‎05-19-2014 03:10:AM

Account locked with fewer attempts as configured in the backup authetication server

Hi,

 

We are using LDAP as authentication server where we have 5 login attempts configured before locking out an user account.

 

However, the IVE locks out the user account after 3 failed attempts.

 

Could someone explain me if the IVE takes the account policy setup from the LDAP backend server or from any setting within the IVE admin console? I was not able to find any useful information in the admin console. somothing similar is in:

  System - Configuration - Security - Miscellaneous

 

But do not think is the same becuase we are locking accoun the user accoung itslef, not the IP address.

 

Any thoughts?

Thanks!

Elena

0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
guapista_
Occasional Contributor
‎05-21-2014 01:32:AM
‎05-21-2014 01:32:AM

Re: Account locked with fewer attempts as configured in the backup authetication server

 

It seems the number of failure attempts are related to the number of authentication protocoles checked (Kerberos, ntlmv1, ntlmv2).

 

If we have 2 auth protolcs available (Kerberos and NTLMv2 for example), for every invalid attempt the user does, two attempts are being done with the backend AD server, so the account will be locked out before than expected.

 

For further details you can visit:

 

KB14021 -  http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB14021&smlogin=true

View solution in original post

0 Kudos
Reply
2 REPLIES 2
kalagesan_
Super Contributor
‎05-20-2014 10:57:PM
‎05-20-2014 10:57:PM

Re: Account locked with fewer attempts as configured in the backup authetication server

Hi Elena,

 

Hope you have enabled password managment option under Realm >Authentication Policy>Password in SA admin GUI.

 

I don't think  we enable lockout options with in SA other than what you mentioned  in   System - Configuration - Security - Miscellaneous.

 

Can you check at your LDAP Server side event logs on why the account being locked, do we see multiple attempts as expected and configured?

 

Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks!

 

Regards,
Kannan

0 Kudos
Reply
guapista_
Occasional Contributor
‎05-21-2014 01:32:AM
‎05-21-2014 01:32:AM

Re: Account locked with fewer attempts as configured in the backup authetication server

 

It seems the number of failure attempts are related to the number of authentication protocoles checked (Kerberos, ntlmv1, ntlmv2).

 

If we have 2 auth protolcs available (Kerberos and NTLMv2 for example), for every invalid attempt the user does, two attempts are being done with the backend AD server, so the account will be locked out before than expected.

 

For further details you can visit:

 

KB14021 -  http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB14021&smlogin=true

0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.