
With Cisco Secure ACS 4.2, user accounts get locked at the first instance of wrong credentials even if configured for 3 attempts

Hello Everybody,

I am working with Cisco Secure ACS 4.2, and it is integrated with Active Directory at a Windows 2008 R2 functional level. User accounts that are set with lockout parameters (3 incorrect attempts) are locked out prematurely after the user enters the wrong credentials just once. The integration is done via LDAP.

I wonder if anybody has any idea why this is happening, because when I connect to a Cisco device or VPN and type my password wrongly, I get extra bad password counts on the Active Directory.

Thanks in advance and regards....

Hall of Fame Master

Well, it's due to the client's OS... once you enter the credentials and they're wrong, it will keep using those credentials. If you look at the logs on ACS, you will probably see multiple failures for that user.

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Hello Scott,

Thanks for your answer. However, we checked the ACS logs, and they show that we entered bad credentials just once, but in the Active Directory our account is sometimes blocked because we get at least 2 and sometimes 3 failures. This problem only appears when we authenticate to Cisco devices or through VPN. In normal circumstances, when users enter bad credentials on their computers, it works fine.

Thanks and regards...

Hall of Fame Master

Sniff the traffic from ACS and see if ACS is sending the login more than one time. Not much you can do if the credentials are wrong because eventually they will keep retrying and get locked out.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
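
Added example, not part of the original thread: one way to carry out the check suggested in the last reply is to export the LDAP bind operations from a capture taken between ACS and the domain controller and count how many failed binds (resultCode 49, invalidCredentials) each user DN receives within a few seconds. The row format, the DNs and the 5-second window are assumptions made for this sketch, and the sample rows are constructed.

```python
from collections import defaultdict

INVALID_CREDENTIALS = 49  # LDAP resultCode returned for a failed bind
JDOE = "CN=jdoe,OU=Users,DC=example,DC=com"      # constructed DNs
ASMITH = "CN=asmith,OU=Users,DC=example,DC=com"
BWHITE = "CN=bwhite,OU=Users,DC=example,DC=com"

# Constructed rows: (time_s, tcp_stream, message_id, operation, bind DN or resultCode),
# an assumed export format for LDAP binds captured between ACS and the domain controller.
SAMPLE_ROWS = [
    (10.00, 1, 2, "bindRequest", JDOE), (10.02, 1, 2, "bindResponse", 49),
    (10.30, 2, 2, "bindRequest", JDOE), (10.32, 2, 2, "bindResponse", 49),
    (10.60, 3, 2, "bindRequest", JDOE), (10.62, 3, 2, "bindResponse", 49),
    (42.00, 4, 2, "bindRequest", ASMITH), (42.03, 4, 2, "bindResponse", 49),
    (60.00, 5, 2, "bindRequest", BWHITE), (60.02, 5, 2, "bindResponse", 0),
    (300.00, 6, 2, "bindRequest", JDOE), (300.02, 6, 2, "bindResponse", 49),
]


def failed_binds(rows):
    """Pair bindResponse with bindRequest by (stream, messageID); return failed (time, dn)."""
    pending, failures = {}, []
    for t, stream, msg_id, op, value in rows:
        key = (stream, msg_id)
        if op == "bindRequest":
            pending[key] = (t, value.lower())
        elif op == "bindResponse" and key in pending:
            req_time, dn = pending.pop(key)
            if value == INVALID_CREDENTIALS:
                failures.append((req_time, dn))
    return failures


def amplified(rows, window_s=5.0):
    """Return {dn: largest burst} for DNs with several failed binds within window_s."""
    bursts = defaultdict(list)
    for t, dn in sorted(failed_binds(rows)):
        groups = bursts[dn]
        if groups and t - groups[-1][-1] <= window_s:
            groups[-1].append(t)   # same login attempt, repeated on the wire
        else:
            groups.append([t])     # a new, separate attempt
    worst = {dn: max(len(g) for g in groups) for dn, groups in bursts.items()}
    return {dn: n for dn, n in worst.items() if n > 1}


if __name__ == "__main__":
    for dn, n in amplified(SAMPLE_ROWS).items():
        print(f"{dn}: {n} failed binds for one attempt")
```

A burst larger than one for a password typed once means each bad entry is counted several times against the Active Directory lockout threshold, which can then be compared with the single failure shown in the ACS log.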