02-08-2010 06:05 PM - edited 03-19-2019 12:25 AM
We are running CUCM 6.1.3 and have integrated authentication, using LDAP.
CUCM users and admins are locked out after one failed attempt (I have confirmed this on the AD server).
Whereas the lockout policy on the AD server is set to lock out after 3 failed attempts (which is working and enforced when logging onto the domain).
I have checked enterprise parameters in CUCM to see if the lockout policy can be changed, couldn't find anything.
Has anyone ever seen this before?
02-09-2010 08:42 AM
You may have a different problem. CUCM has a user configured to look up the authentication (user name and password). If this user has a problem, it will keep failing everyone.
Check the logs first in CUCM and see what the security is saying for the LDAP profile account, and also the user that is failing.
Also, check your domain controller and see if there are any issues with the format that is coming from CUCM. If the user name has some odd characters or spaces or the password has unsupported characters, CUCM may not pass the info correctly to LDAP.
02-09-2010 05:30 PM
Actually, the authentication uses a service account called scv_UnifiedCM, and it always works when the user password is typed in correctly.
The problem I am describing only relates to the AD account lockout after one failed login.
I have done a packet capture on CUCM when simulating a failed login. It turns out that CUCM sends the same authentication request to the AD server 3 times, causing it to lock. This would mean that the problem is caused by CUCM.
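The retry behaviour described in the post above can be confirmed from a capture by grouping failed LDAP binds per client and account. This is an added example, not part of the original thread. The records, IP addresses and DNs are constructed, the 2-second gap is an assumed cutoff, and the threshold of 3 is the AD policy stated in the thread.

```python
from collections import defaultdict
from datetime import datetime, timedelta

INVALID_CREDENTIALS = 49  # LDAP resultCode for a rejected bind (RFC 4511)

# Constructed sample, not real capture data:
# (time, client IP, bind DN, resultCode of the bind response)
JDOE = "CN=jdoe,OU=Users,DC=example,DC=com"
SAMPLE = [
    ("2010-02-09 17:20:01.100", "192.0.2.10", JDOE, 49),
    ("2010-02-09 17:20:01.250", "192.0.2.10", JDOE, 49),
    ("2010-02-09 17:20:01.400", "192.0.2.10", JDOE, 49),
    ("2010-02-09 17:22:10.000", "192.0.2.10", "CN=asmith,OU=Users,DC=example,DC=com", 49),
    ("2010-02-09 17:22:31.000", "192.0.2.10", "CN=asmith,OU=Users,DC=example,DC=com", 0),
    ("2010-02-09 17:25:00.000", "192.0.2.20", "CN=bwong,OU=Users,DC=example,DC=com", 49),
    ("2010-02-09 17:25:40.000", "192.0.2.20", "CN=bwong,OU=Users,DC=example,DC=com", 49),
]

def failed_bind_bursts(records, max_gap=timedelta(seconds=2), min_count=2):
    """Return (client, dn, first_seen, count) for runs of failed binds that
    follow each other faster than a person could retype a password."""
    by_key = defaultdict(list)
    for ts, client, dn, code in records:
        if code == INVALID_CREDENTIALS:
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f")
            by_key[(client, dn.lower())].append(when)  # compare DNs case-insensitively
    bursts = []
    for (client, dn), times in by_key.items():
        times.sort()
        run = [times[0]]
        for t in times[1:] + [None]:  # None flushes the last run
            if t is not None and t - run[-1] <= max_gap:
                run.append(t)
                continue
            if len(run) >= min_count:
                bursts.append((client, dn, run[0], len(run)))
            run = [t]
    return sorted(bursts, key=lambda b: b[2])

def locked_by_one_attempt(bursts, lockout_threshold=3):
    """DNs for which a single burst alone meets the lockout threshold."""
    return sorted({dn for _, dn, _, n in bursts if n >= lockout_threshold})

if __name__ == "__main__":
    for client, dn, first, n in failed_bind_bursts(SAMPLE):
        print(f"{first} {client} {dn}: {n} failed binds in one burst")
    print("locked by a single attempt:", locked_by_one_attempt(failed_bind_bursts(SAMPLE)))
```

A burst whose count equals the lockout threshold points at the client application retrying the bind, not at the user mistyping the password several times.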
02-09-2010 05:50 PM
Now that you mentioned it, I think I have seen this before. Hunt around the bug report for this. I recall seeing something like this before. If there is a chance... I'd upgrade to latest 6.14 release.