
Beginner

ACS 5.1.0.44 External Identity Stores Account to be locked out after 3 failed login attempts

Hi All,

I am currently running Cisco ACS 5.1.0.44 and use Active Directory as the main authentication identity store to allow network administrators to have access to network devices in my organization.

As per the established security policies in my organization, the ACS has to disable any account after 3 failed login attempts to any network devices.

Can you kindly share how it is done?! I have gone through all the settings on the ACS but couldn't find where or how it is done.

Regards,

Moussa

3 REPLIES 3
Rising star

The account lockout policy needs to be set on Active Directory itself and not in ACS. ACS will detect when an account is locked out, but the enforcement itself needs to be on AD.

Beginner

Hello jrabinow,

Thanks a lot for the reply.

We already have our AD set up to lock the accounts of users who fail 3 consecutive Windows login attempts.

However, when network administrators fail to log in to a network device after 3 consecutive attempts, they can still log in to a network device if they provide their correct AD credentials.

Is there any specific configuration that needs to be done on the AD to be aware of the failed login attempts on the network devices and count them the same as a failed Windows login attempt?!

Kind Regards,

Moussa

Beginner

I will also check with my AD administrators if they can spot anything on this specific issue or if the login policies have been changed.