Hi
I'm using EAP-MSCHAPv2 to authenticate wireless clients against Active Directory when joining the corporate SSID.
When the clients accidentally type their username or password wrong 3 times the whole AD Account is locked out meaning they can't even log onto a wired domain computer.
Are there any way of disabling this? I'm aware that ISE does nothing but proxy the credentials and results to AD, so the change is most likely to be on the AD server, but i have't been able to find a solution.
Best Regards
Nicolai Borchorst
CCIE Security #65775
