Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
0
Helpful
3
Replies

ACS version 3.1, domain passwords keep getting locked

Alan Wood
Level 1
Level 1

‎10-22-2013 02:33 PM - edited ‎03-10-2019 09:01 PM

Hi all,

I am using ACS ver3.1 and it is doing both TACACS and Radius (IETF) authentication.  It is causing my windows domain password to continually be locked out.  I can go through the web program to unlock it, but within 15 to 2 hrs its locked again.  I did ask the windows guys and they did confirm that the lockout was becasue of TACACS.

I know it is very vauge, does anyone have any ideas.

Thanks

Labels:
0 Helpful
3 Replies 3

Muhammad Munir
Level 5
Level 5

‎10-23-2013 02:16 AM

Hi

Increase the TACACS+ timeout interval from the default 20 hrs. Set the Cisco IOS command as follows:

tacacs-server timeout 20

For more information please go through this link:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008010216a.html#211367

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to Muhammad Munir

‎10-23-2013 02:57 AM

How would that help Muhammad? BTW, timeout should be in seconds, not in hours.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee

‎10-23-2013 03:01 AM

Alan,

what error message do you see on ACS > failed attempts?

What is the value set for max session on ACS?

How many failure attempts you see for the same user?

Are you using any script to login via tacacs?

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful
Customers Also Viewed These Support Documents