Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 5.1.0.44 External Identity Stores Account to be locked out after 3 failed login attempts

Hi All ,

I am currently running cisco ACS 5.1.0.44 and use active directory as the main authentication identity store to allow network administrators to have access to network devices in my organization .

As per the established security policies in my organization , the ACS has to disable any account after 3 failed login attempts to any network devices .

Can you kindly share how it is done ?! i have gone through all the settings oN the acs but couldn't find where or how it is done .

Regards ,

Moussa

3 REPLIES
Cisco Employee

ACS 5.1.0.44 External Identity Stores Account to be locked out a

The account lock out policy needs to be set on Active Directory itself and not in ACS. ACS will detect when account is locked out but the enforcement itself needs to be on AD

New Member

ACS 5.1.0.44 External Identity Stores Account to be locked out a

Hello jrabinow ,

Thanks  a lot for the reply .

We already have our AD setup to lock account of users who failed 3 consecutive windows login attempts .

However when network administrators fail to login  after 3 consecutive attempts into a network device, they can still login into a network device if they provide their correct AD credentials .

Is there any specific configuration that needs to be done on the AD to be aware of the failed login attempts on the network devices and count it the same as a failed windows login attempt ?!

Kind Regards ,

Moussa

New Member

ACS 5.1.0.44 External Identity Stores Account to be locked out a

I will also check with my AD administrators if they can spot anything on this specific issue or if the login policies have been changed

575
Views
0
Helpful
3
Replies