Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS version 3.1, domain passwords keep getting locked

Hi all,

I am using ACS ver3.1 and it is doing both TACACS and Radius (IETF) authentication.  It is causing my windows domain password to continually be locked out.  I can go through the web program to unlock it, but within 15 to 2 hrs its locked again.  I did ask the windows guys and they did confirm that the lockout was becasue of TACACS.

I know it is very vauge, does anyone have any ideas.

Thanks

3 REPLIES
Cisco Employee

ACS version 3.1, domain passwords keep getting locked

Hi

Increase the TACACS+ timeout interval from the default 20 hrs. Set the Cisco IOS command as follows:

tacacs-server timeout 20

For more information please go through this link:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008010216a.html#211367

Cisco Employee

ACS version 3.1, domain passwords keep getting locked

How would that help Muhammad? BTW, timeout should be in seconds, not in hours.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Cisco Employee

ACS version 3.1, domain passwords keep getting locked

Alan,

what error message do you see on ACS > failed attempts?

What is the value set for max session on ACS?

How many failure attempts you see for the same user?

Are you using any script to login via tacacs?

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
195
Views
0
Helpful
3
Replies
CreatePlease login to create content