Solved: AFAIK it will work as you

cevliyaoglu · ‎08-12-2016

Hi all,

All jabber clients are using ldap accounts to log in. I wonder if it's possible to make a policy such as locking the ldap account after 5 failed attempts.

Can anybody know how to set jabber's policy rule about login attempts regardless of Active Directory policy?

Varundeep Chhatwal · ‎08-12-2016

there is no such policy on jabber as far as i am aware of. but you can change the account lock parameter on AD itself. once the number of failed attempts reaches 5 , the AD account will be locked.

View solution in original post

Manish Gogna · ‎08-12-2016

Hi,

It will be possible via the Credentials policy on cucm under User Administration. There is an option called "failed logon" in the credential policy, there you can set the logon threshold. When the threshold is reached, the system locks the account.

Failed Logon / No Limit for Failed Logons

Specify the number of allowed failed login attempts. When this threshold is reached, the system locks the account.

Enter a number in the range 1-100. To allow unlimited failed logins, enter 0 or check the No Limit for Failed Logons check box. Uncheck the check box to enter a value greater than 0. The default setting specifies 3.

Below are the steps to configure credential policy and to apply authentication rule to End
user,

1-      Go to "user management==> User settings=> Credential policy.
2-      Click "Add new" and fill in the credential policy Information ( in this page, uncheck "no limit for failed logons" and specify the failed Logon attempt) and save
3-      Go to end user and click "edit credential" for password.
4-       Assign the new credential policy to "Authentication Rule"

HTH

Manish

cevliyaoglu · ‎08-12-2016

Hi Manish

I tested it but no luck.

Are you sure that it will affect to LDAP user? Seems to me that will affect to local users.

I configured it as you mentioned above. But after that I tried on Jabber client and wrote the password wrongly nearly 8 times. But it didn't lock it. After 9th attempt I logged in to jabber. The behaviour should be like this: After 5 times of attempt, it should have locked this account and shouldn't have sent the password to Active directory.

Jaime Valencia · ‎08-12-2016

AFAIK it will work as you found out, only the PIN policy will be applied to all users, but the local pwd policy only affects the local users, not the LDAP.

I also don't know of a way to do this in IM&P, only by setting the lockout policy directly in LDAP.

HTH

java

if this helps, please rate

Varundeep Chhatwal · ‎08-12-2016

there is no such policy on jabber as far as i am aware of. but you can change the account lock parameter on AD itself. once the number of failed attempts reaches 5 , the AD account will be locked.

amr-abdellatif89 · ‎03-28-2024

hey.

i need to know how can i lock my username for a time more than a month from my access not managerial access?

Roger Kallberg · ‎03-29-2024

Your question looks to be off topic to the OP question and as the post is marked as solved it is advised for you to create your own post.

jabber LDAP users are not locked after 5 failed attempts? How to make them lock?