Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
582
Views
0
Helpful
1
Replies

How to notify users that their account is lockout

hgru
Level 1
Level 1

‎07-28-2006 01:48 AM - edited ‎03-10-2019 02:41 PM

Hi,

We have an implementation of Cisco Secure for Windows. To log into the cisco devices the cisco device use tacacs and the cisco secure server checks against windows AD to validate user+password credntials. Now if the users fail three times in a row their account in AD gets locked for 2 minutes. Their tacacs accounts get locked after 7 attemps. However the user does not get a warning from the cisco device when the windows account is locked out so some users keep on trying so also their tacacs account gets locked out. I see in the logging on the acs server that the windows AD is telling it that the account is locked. Is it possible to send this message to the user prompt to notify them? Otherwise is it possible to also lock the tacacs account for two minutes?

Labels:
0 Helpful
1 Reply 1

darpotter
Level 5
Level 5

‎08-02-2006 06:28 AM

Yes it is possible... but wasnt implemented.

If you use the ACS internal database, password aging messages get passed back via T+ that allows for forcing admins to change passwords and the like.

Its actually not that hard for ACS to do the same for Windows/AD but it was never done - which is a shame.

I guess if enough people shouted at Marketing they might add it.

Darran

0 Helpful
Customers Also Viewed These Support Documents