Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2587
Views
0
Helpful
2
Replies

account lockout for failed attempts in acs 5.1.0.44.6

Go to solution
sansarav720e
Level 1
Level 1

‎06-05-2011 09:04 PM - edited ‎03-10-2019 06:08 PM

Hi All ,

            I have ACS1121 running version 5.1.0.44.6 on my network environement , I need to enable account lock-out for internal user during failed attempt for more than 8 times , How to achieve this .

            I could see account lock-out for administrator user account , not for internal user .

HTH Regards Santhosh Saravanan
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jrabinow
Level 7
Level 7

‎06-05-2011 09:38 PM

In general this feature is not supported and is part of the CS 5.3 release which is scheduled for FCS later this year

However, looking at the list of patches I can see that the 5.2.0.26.4 cumulative patch includes a fix for the following:

CSCth12406: ACS 5 does not have option to disable local account on failed attempts

I am not familiar specifically with these changes but looking at the CDETS it appears that after the installation of the patch the following options are available:

1.Selected 'System Administration' in ACS under left pane in primary server.

2.Selected 'Users -> Authentication Settings -> Advanced ' . Account Disablement section will be displayed.

3.Selected check box 'Failed attempt exceeds' and provide count of number of attempts after which account is disable

Since you are on a 5.1 release you would need to upgrade to 5.2 and then install the patch (or 5.2.0.26.5 which is in fact the latest patch)

View solution in original post

0 Helpful
2 Replies 2

Go to solution
jrabinow
Level 7
Level 7

‎06-05-2011 09:38 PM

In general this feature is not supported and is part of the CS 5.3 release which is scheduled for FCS later this year

However, looking at the list of patches I can see that the 5.2.0.26.4 cumulative patch includes a fix for the following:

CSCth12406: ACS 5 does not have option to disable local account on failed attempts

I am not familiar specifically with these changes but looking at the CDETS it appears that after the installation of the patch the following options are available:

1.Selected 'System Administration' in ACS under left pane in primary server.

2.Selected 'Users -> Authentication Settings -> Advanced ' . Account Disablement section will be displayed.

3.Selected check box 'Failed attempt exceeds' and provide count of number of attempts after which account is disable

Since you are on a 5.1 release you would need to upgrade to 5.2 and then install the patch (or 5.2.0.26.5 which is in fact the latest patch)

0 Helpful

Go to solution
sansarav720e
Level 1
Level 1
In response to jrabinow

‎06-05-2011 10:02 PM

Hi Rabinow ,

                   Thanks for information , i ll try to upgrade the ACS to  ACS version 5.2.0.26.5 and check for account disable option , I ll keep posted on this . According to my company security baseline , i need this feature to be enabled on ACS appliance , Thank you

HTH Regards Santhosh Saravanan
0 Helpful
Customers Also Viewed These Support Documents