cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
440
Views
0
Helpful
0
Replies
Highlighted
Contributor

Urgent RADIUS question

Hi,

At a customer we have our WAAS appliances enabled for Radius authentication (via via to Active Directory). The authentication it self works. But when the AD password policy requests users to change credentials the AD accounts start locking-out.

We found out that CM is pushing user accounts to the appliances. When saving the account to the CLI config the appliance, the appliance does a radius authentication request. Because CM is configured with old/expired passwords this action locks our accounts quickly (100+ appliances).

How can we fix this? Can we configure the system not to store our old accounts and push them out to the remote appliances??

Regards,

Erik

We see the following passing in the logs for every user every once in a while.

2012 Nov 12 14:58:58 wae01-sitea config: %WAAS-PARSER-6-350232: CLI_LOG log_cli_command: username "etam" passwd 

2012 Nov 12 14:58:58 wae01-sitea cfg_bin_users: %WAAS-UNKNOWN-5-899999: ***pam_radius pam_sm_authenticate: Got user name #####

2012 Nov 12 14:58:58 wae01-sitea cfg_bin_users: %WAAS-UNKNOWN-5-899999: ***pam_radius pam_sm_authenticate: Sending RADIUS request code 1

2012 Nov 12 14:58:58 wae01-sitea cfg_bin_users: %WAAS-UNKNOWN-5-899999: ***pam_radius pam_sm_authenticate: Got RADIUS response code 3

2012 Nov 12 14:58:58 wae01-sitea perl: %WAAS-CMS-5-700001: Done with usercreation username :: "etam" process return value :: 0

0 REPLIES 0
Content for Community-Ad
This widget could not be displayed.