Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Only one logon attempt to ACS before locked out

We are setting up a wireless network, and using ACS v3.3. We have found that wired users get 3 attempts to get their passwords correct, but wireless users only get one before their account is locked out. Being somewhat new to ACS and wireless, does anybody know why this may be happening?

Thanks in advance.



New Member

Re: Only one logon attempt to ACS before locked out


It may just be a function of the wireless client you are using. I run into the same problem ocassionally, but it is typically user profiles which have user names and passwords stored. When they are required to change their windows password, they forget to change the stored password and end up locking their account. You should be able to see how many times the client automatically retries by using a bad password and using the command "debug radius authentication" on your AP. The Intel client has a setting in one of its .ini files stating the number of authentication retries (default=0), but I can't say about other clients without testing it.

R Duke

New Member

Re: Only one logon attempt to ACS before locked out

Does anyone have any other options, as we are experiencing the same issue? We are using the Cisco supplicant with a Cisco card accessing ACS 3.3 utilizing PEAP. A user attempts one logon with a bad password and the account gets locked. We have run debugs for TAC with the below error when the account gets locked.

Returning AAA Error 'Authentication Failed' (-4)

Any help would be greatly appreciated.

CreatePlease to create content