cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

223
Views
0
Helpful
3
Replies
Highlighted
Beginner

ACS version 3.1, domain passwords keep getting locked

Hi all,

I am using ACS ver3.1 and it is doing both TACACS and Radius (IETF) authentication.  It is causing my windows domain password to continually be locked out.  I can go through the web program to unlock it, but within 15 to 2 hrs its locked again.  I did ask the windows guys and they did confirm that the lockout was becasue of TACACS.

I know it is very vauge, does anyone have any ideas.

Thanks

3 REPLIES 3
Highlighted
Contributor

ACS version 3.1, domain passwords keep getting locked

Hi

Increase the TACACS+ timeout interval from the default 20 hrs. Set the Cisco IOS command as follows:

tacacs-server timeout 20

For more information please go through this link:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008010216a.html#211367

Highlighted
Cisco Employee

ACS version 3.1, domain passwords keep getting locked

How would that help Muhammad? BTW, timeout should be in seconds, not in hours.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin Katyal
Highlighted
Cisco Employee

ACS version 3.1, domain passwords keep getting locked

Alan,

what error message do you see on ACS > failed attempts?

What is the value set for max session on ACS?

How many failure attempts you see for the same user?

Are you using any script to login via tacacs?

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin Katyal