Hi
We have a v5.2 ACS which is authenticating against Windows Active Directory using secure LDAP. The authentication is working fine. However, there is an issue with disabling the account after a number of failed attempts. The Active Directory policy is set to disable the account after 5 failed attempts. This policy doesn't work if the authentication comes from the ACS. We can have many consecutive failures on an AD account and it does not get disabled.
It looks like that after the ACS does a bind to the LDAP server all the traffic that comes from the ACS is seen by Active Directory as a query. So all authentications from users whether they authenticate or not are just queries and it doesn't log failed authentications.
Has anyone out there managed to successfully enforce this kind of policy using ACS and LDAP?
Any advice would be appreciated
Cheers
BTW: The authentications mainly come from Network Devices and not servers.