Beginner

Jabber LDAP users are not locked after 5 failed attempts? How to make them lock?

Hi all,

All Jabber clients are using LDAP accounts to log in. I wonder if it's possible to make a policy such as locking the LDAP account after 5 failed attempts.

Does anybody know how to set Jabber's policy rule about login attempts regardless of Active Directory policy?

1 ACCEPTED SOLUTION
Cisco Employee

There is no such policy on Jabber as far as I am aware of, but you can change the account lock parameter on AD itself. Once the number of failed attempts reaches 5, the AD account will be locked.


4 REPLIES
Cisco Employee

Hi,

It will be possible via the Credential Policy on CUCM under User Administration. There is an option called "failed logon" in the credential policy; there you can set the logon threshold. When the threshold is reached, the system locks the account.

Failed Logon / No Limit for Failed Logons

Specify the number of allowed failed login attempts. When this threshold is reached, the system locks the account.

Enter a number in the range 1-100. To allow unlimited failed logins, enter 0 or check the No Limit for Failed Logons check box. Uncheck the check box to enter a value greater than 0. The default setting specifies 3.


Below are the steps to configure the credential policy and to apply the authentication rule to the end user:

1- Go to "User Management => User Settings => Credential Policy".
2- Click "Add new" and fill in the credential policy information (on this page, uncheck "No Limit for Failed Logons" and specify the failed logon attempts) and save.
3- Go to the end user and click "Edit Credential" for the password.
4- Assign the new credential policy to "Authentication Rule".

HTH

Manish


Hi Manish

I tested it but no luck.

Are you sure that it will affect LDAP users? It seems to me that it will affect local users.

I configured it as you mentioned above. But after that I tried on the Jabber client and entered the password wrongly nearly 8 times. But it didn't lock it. After the 9th attempt I logged in to Jabber. The behaviour should be like this: after 5 attempts, it should have locked this account and shouldn't have sent the password to Active Directory.

Hall of Fame Cisco Employee

AFAIK it will work as you found out, only the PIN policy will be applied to all users, but the local pwd policy only affects the local users, not the LDAP.

I also don't know of a way to do this in IM&P, only by setting the lockout policy directly in LDAP.

HTH

java

if this helps, please rate
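
Added example, not part of any post in this thread: one way to set and verify the lockout threshold of 5 on the Active Directory side with the ActiveDirectory PowerShell module, since the replies agree that LDAP-synced Jabber users are governed by the directory's lockout policy. The user name `jdoe` and the 30-minute window and duration are assumed placeholder values.

```powershell
# Added example: set the AD account lockout threshold and confirm it applies to a Jabber (LDAP) user.
# Assumptions: run by a domain admin on a host with the RSAT ActiveDirectory module;
# 'jdoe' and the 30-minute timings are placeholders, not values from the thread.
Import-Module ActiveDirectory

$Threshold  = 5                          # failed attempts before lockout (the value asked for in the thread)
$Window     = New-TimeSpan -Minutes 30   # assumed: period over which failed attempts are counted
$Duration   = New-TimeSpan -Minutes 30   # assumed: how long the account stays locked (must be >= window)
$JabberUser = 'jdoe'                     # hypothetical sAMAccountName of an LDAP-synced Jabber user

$domain = Get-ADDomain
$pdc    = $domain.PDCEmulator            # badPwdCount is not replicated; the PDC emulator holds the most current value

# 1. Record the current domain-wide lockout settings before changing anything.
Get-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot |
    Select-Object LockoutThreshold, LockoutObservationWindow, LockoutDuration

# 2. Apply the threshold. A LockoutThreshold of 0 means accounts are never locked.
Set-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot `
    -LockoutThreshold $Threshold `
    -LockoutObservationWindow $Window `
    -LockoutDuration $Duration

# 3. A fine-grained password policy, if one applies, overrides the domain default for that user.
$fgpp = Get-ADUserResultantPasswordPolicy -Identity $JabberUser
if ($fgpp) {
    Write-Warning "$JabberUser is governed by '$($fgpp.Name)' (LockoutThreshold=$($fgpp.LockoutThreshold))"
}

# 4. After entering wrong passwords in the Jabber client, check whether the directory locked the account.
Get-ADUser -Identity $JabberUser -Server $pdc `
    -Properties LockedOut, BadLogonCount, LastBadPasswordAttempt |
    Select-Object SamAccountName, LockedOut, BadLogonCount, LastBadPasswordAttempt
```

The default domain policy applies to every account in the domain, not only to Jabber users, so service accounts that authenticate with stale passwords can lock out as well.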