
Account locked with fewer attempts than configured in the backup authentication server

SOLVED
guapista_
Occasional Contributor

Hi,

We are using LDAP as the authentication server, where we have 5 login attempts configured before locking out a user account.

However, the IVE locks out the user account after 3 failed attempts.

Could someone explain to me whether the IVE takes the account policy setup from the LDAP backend server or from a setting within the IVE admin console? I was not able to find any useful information in the admin console. Something similar is in:

  System - Configuration - Security - Miscellaneous

But I do not think it is the same, because we are locking the user account itself, not the IP address.

Any thoughts?

Thanks!

Elena

Accepted Solutions
guapista_
Occasional Contributor

Re: Account locked with fewer attempts than configured in the backup authentication server

It seems the number of failed attempts is related to the number of authentication protocols checked (Kerberos, NTLMv1, NTLMv2).

If we have 2 auth protocols available (Kerberos and NTLMv2, for example), for every invalid attempt the user makes, two attempts are made against the backend AD server, so the account will be locked out sooner than expected.

For further details you can visit:

KB14021 - http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB14021&smlogin=true

2 REPLIES 2
kalagesan_
Super Contributor

Re: Account locked with fewer attempts than configured in the backup authentication server

Hi Elena,

Hope you have enabled the password management option under Realm > Authentication Policy > Password in the SA admin GUI.

I don't think we enable lockout options within SA other than what you mentioned in System - Configuration - Security - Miscellaneous.

Can you check your LDAP server-side event logs for why the account is being locked? Do we see multiple attempts as expected and configured?

Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudos will be a bonus, thanks!

Regards,
Kannan
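
Added example, not part of the original thread and not vendor code: a Python check that follows the log review suggested above and the protocol-multiplier explanation in the accepted solution. It clusters backend failed-authentication events into user-level attempts and reports the effective lockout threshold the user actually experiences. The event tuple layout, the account names, and the 2-second clustering window are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from math import ceil

# Constructed sample: backend failed-authentication events as
# (timestamp, account, protocol). Not taken from a real server log.
SAMPLE_EVENTS = [
    ("2024-01-10 09:00:00.100", "elena", "kerberos"),
    ("2024-01-10 09:00:00.350", "elena", "ntlmv2"),
    ("2024-01-10 09:00:41.020", "elena", "kerberos"),
    ("2024-01-10 09:00:41.300", "elena", "ntlmv2"),
    ("2024-01-10 09:01:15.500", "elena", "kerberos"),
    ("2024-01-10 09:01:15.720", "elena", "ntlmv2"),
    ("2024-01-10 09:02:00.000", "bob", "kerberos"),
]

def group_attempts(events, window=timedelta(seconds=2)):
    """Cluster each account's backend failures into user-level attempts.

    Failures for one account within `window` of the first failure in a
    cluster count as one login attempt tried over several protocols.
    """
    per_user = defaultdict(list)
    for ts, user, proto in sorted(events):
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f")
        clusters = per_user[user]
        if clusters and t - clusters[-1][0] <= window:
            clusters[-1][1].append(proto)
        else:
            clusters.append((t, [proto]))
    return {u: [protos for _, protos in c] for u, c in per_user.items()}

def lockout_report(events, backend_threshold):
    """Per account: attempts seen, backend failures, effective threshold."""
    report = {}
    for user, attempts in group_attempts(events).items():
        multiplier = max(len(p) for p in attempts)
        failures = sum(len(p) for p in attempts)
        report[user] = {
            "user_attempts": len(attempts),
            "backend_failures": failures,
            "multiplier": multiplier,
            # Bad logins the user gets before the backend counter trips.
            "effective_threshold": ceil(backend_threshold / multiplier),
            "locked": failures >= backend_threshold,
        }
    return report

if __name__ == "__main__":
    for account, row in lockout_report(SAMPLE_EVENTS, backend_threshold=5).items():
        print(account, row)
```

A multiplier above 1 for an account means the gateway is fanning one bad password out into several backend failures, so either the backend threshold or the set of enabled protocols needs adjusting to get the intended number of user attempts.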
