
Active Directory Radius Account locking out

jbeach44
Level 1

Hello,

Sorry in advance if this is not the correct thread to post in.

We are currently migrating over to Auvik from SolarWinds NCM and running into a bit of an issue. We have one AD account that is being used as CLI creds for all of our switches and routers. We have a separate account for just our ASAs. Both of these accounts are identical and have been configured through our Network Policy Server to utilize privilege level 3. The account used for the ASAs is locking out about once a day and I cannot figure out why it is locking it. I can see through our SIEM that it is authenticating all day with our ASAs and running commands to view the config. When it does get locked out, our SIEM is indicating that it is locked out due to a bad password, but that doesn't make sense as it is able to authenticate throughout the day just fine. I even limited the account to log into only one ASA, and it still locks out after a few hours. I am also able to authenticate via PuTTY multiple times successfully without any lockouts. I also tried changing the priv level to 15, but that still didn't fix the issue.

Does anyone have any ideas as to why this might be happening? Auvik bug?


balaji.bandi
Hall of Fame

It happens if the user logged in anywhere and changed the password later. I have seen this before.

I had to investigate this issue for a long, long time; it took me 6 months or more, I guess. Check the script below and run it so it will tell you where the lockout took place:

https://devblogs.microsoft.com/scripting/use-powershell-to-find-the-location-of-a-locked-out-user/

BB


Hey Balaji,

Thank you for the response and suggested tip. Unfortunately, this account is brand new and doesn't exist anywhere else. When I run that script, the caller computer name is blank. Do you know how to enable additional authentication logging for an ASA? I am wondering if I will see anything useful there.

Thanks,

Jon
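
Added example (not part of the thread and not any poster's code): when the lockout event's caller computer name is blank, the NPS server's own rejection events still record which RADIUS client forwarded each failed attempt, so the two logs can be lined up by time. It assumes the RSAT ActiveDirectory module, read access to both Security logs, and that NPS auditing is enabled; the account and server names are placeholders.

```powershell
# Added example: line up AD lockouts (4740) with NPS rejections (6273) for one account.
# Assumptions: RSAT ActiveDirectory module, NPS auditing on; names below are placeholders.
param(
    [string]$Account       = 'svc-asa-cli',          # placeholder account name
    [string]$NpsServer     = 'nps01.example.local',  # placeholder NPS host
    [int]   $HoursBack     = 24,
    [int]   $WindowMinutes = 30                      # how far before each lockout to look
)
Import-Module ActiveDirectory

function Get-EventFields($Record) {
    # Flatten the <EventData> name/value pairs of one event into a hashtable
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    $fields
}

$since = (Get-Date).AddHours(-$HoursBack)
$pdc   = (Get-ADDomain).PDCEmulator    # the PDC emulator records lockouts for the domain
$user  = '(^|\\)' + [regex]::Escape($Account) + '(@|$)'   # name, DOMAIN\name or name@domain

# 4740: "A user account was locked out" (TargetDomainName holds the caller computer name)
$lockouts = Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 4740; StartTime = $since } |
    Where-Object { (Get-EventFields $_).TargetUserName -eq $Account }

# 6273: "Network Policy Server denied access to a user"
$denied = Get-WinEvent -ComputerName $NpsServer -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 6273; StartTime = $since } |
    ForEach-Object {
        $f = Get-EventFields $_
        if ($f.SubjectUserName -match $user) {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                RadiusName = $f.ClientName         # RADIUS client as defined in NPS
                RadiusIP   = $f.ClientIPAddress
                CallingId  = $f.CallingStationID   # as sent by the device, may be empty
                ReasonCode = $f.ReasonCode
                Reason     = $f.Reason
            }
        }
    }

foreach ($l in $lockouts) {
    $from = $l.TimeCreated.AddMinutes(-$WindowMinutes)
    "Lockout at $($l.TimeCreated) (caller: '$((Get-EventFields $l).TargetDomainName)')"
    $denied | Where-Object { $_.Time -ge $from -and $_.Time -le $l.TimeCreated } |
        Sort-Object Time | Format-Table -AutoSize | Out-String
}
```

A lockout with no NPS rejections inside the window means the bad passwords did not arrive through that NPS server, which is itself useful to know when narrowing down the source.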