
Max failed login attempts on Web Portal and AD

slevesqu
Cisco Employee

Hi team,

Does the Maximum Failed Login Attempts control work for web portal authentication with Active Directory users? If not, would there be another way to prevent AD user account lockout when using the web portal?

Thanks

3 Replies

hslai
Cisco Employee

It seems that by "Web Portal" you mean any of the end-user-facing portals, such as the MyDevices portal, with the login page settings:

[Screenshot: portal login page settings]

In that case, I believe it applies to AD as well. Is your plan to set a huge number for the time between login attempts when rate limiting? Otherwise, it would not help much if the AD users have a policy to lock the accounts after a number of failures.

The use case is the guest portal that is used on an open SSID by both guests and employees for internet access. The customer wants to prevent lockout of the employee AD user accounts.

Yes, the idea would be, as you said, to rate limit for a very long time after the user has tried 2 times, for example, assuming that the AD account lockout policy is 3 times.

CSCva98129 might impact customer deployments on ISE 1.4 ~ 2.2. Please ensure you are on the latest patches.
