SA2000 Password Management - AD integration - Forc...

wiley_ · ‎08-25-2009

Hi,

If all the steps necessary for password management (advanced license, LDAPS etc.) are in place is it possible to implement a lockout on a user's account signging in through the IVE; I know from supported password management functions matrix that IVE can check if an account is locked out or expired but what I want to do is configure it so that if a user enters a password incorrectly via the IVE login page, say 3 times, that their account is locked. I'd appreciate any views as to if this is possible; I presume not and that the password management feature only 'pulls' information from the AD as to status of a user account and that an incorrect login through the IVE would not count towards any account lockout threshold set on AD.

Any guidance appreciated.

wotsit_ · ‎08-25-2009

I do believe that if the AD is set to lock out after 3 incorrect login attempts, then this will still be enforced via the Juniper access. Therefore if a users attempts to log in via Juniper incorrectly 3 times, then you should see the account be locked out in AD.

muttbarker_ · ‎08-26-2009

Wotsit is 100% correct. The SA box does not do any lockout validation. It simply passes the credentials on to the AD box and accepts the returned result of good login, bad password, lockout.....

SA2000 Password Management - AD integration - Force User Account Lockout?

SA2000 Password Management - AD integration - Force User Account Lockout?

Re: SA2000 Password Management - AD integration - Force User Account Lockout?

Re: SA2000 Password Management - AD integration - Force User Account Lockout?