11-30-2023 06:20 AM
Hello everybody,
We have a situation where there is a user lockout policy on the domain, after three bad password attempts. We have a problem that users lock themselves out after one missed Duo push.
The ASA SSL VPN is configured to have a 60-second timeout with a 10-second retry interval (as per the documentation on Duo).
What we are seeing in the Duo Auth Proxy logs is "packet has invalid authenticator". Do you maybe have any ideas why users are locking themselves out after the first missed push auth?
Thanks
Damir
12-05-2023 02:26 PM
Hmm, are you trying to use EAP in a Duo config that doesn't support it? What if you switch to MS-CHAPv2 with no EAP (or even just PAP as a test), does it work?
02-20-2024 06:26 PM
What's your login attempt limit before a user is locked out?
Is the proxy binding to AD as the user or as the machine?
Set it up to bind as the machine. Otherwise an incorrect pw is going to count for more than one login attempt, so they get locked out faster.