Radius authentication locked out policy
We setup a radius server on windows 2012 to authenticate our wireless.
everyone has a mac here and so when connecting to our wireless we need to type our AD credentials.
I wrote the policy that after 5 failed attempts the account will be locked but that didnt work.
I then found this article: https://technet.microsoft.com/en-us/library/dd197529(v=ws.10).aspx and made the changes but that still didnt work.
anyone has a suggestion on how I can make sure that failed login to connect to the wireless will lock the account?
thx
Gaetan
everyone has a mac here and so when connecting to our wireless we need to type our AD credentials.
I wrote the policy that after 5 failed attempts the account will be locked but that didnt work.
I then found this article: https://technet.microsoft.com/en-us/library/dd197529(v=ws.10).aspx and made the changes but that still didnt work.
anyone has a suggestion on how I can make sure that failed login to connect to the wireless will lock the account?
thx
Gaetan
ASKER
ok so using the registry key I kinda make it work.
the NPS is on one of our DC and I changed teh key there but that doesnt work. I then changed the key on our SBS server and it shows the locked account int eh registry.
unfortunately if I entered the right password it does unlock me automatically which is kind of stupid as there is no point of having that policy in place if the user can just unlock himself
thx
the NPS is on one of our DC and I changed teh key there but that doesnt work. I then changed the key on our SBS server and it shows the locked account int eh registry.
unfortunately if I entered the right password it does unlock me automatically which is kind of stupid as there is no point of having that policy in place if the user can just unlock himself
thx
Where are you applying the GPO? It needs to apply to your domain controllers OU.
ASKER
yes it is applied to the DC OU.
other settings in that policy are updated and pushed if I changed them, just not the account policies.
it is the only policy applied so nothing to over write the settings.
I am just puzzled right now
other settings in that policy are updated and pushed if I changed them, just not the account policies.
it is the only policy applied so nothing to over write the settings.
I am just puzzled right now
Use GPMC to run policy results wizard on the NPS/DC it will show you which GPO is enforcing the password policy..
Is this a brand new domain in 2012, or this is a domain that is of a long running firm, ...
Pre 2008 password policy was managed through default domain GPO. Only.
Is this a brand new domain in 2012, or this is a domain that is of a long running firm, ...
Pre 2008 password policy was managed through default domain GPO. Only.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
found the issue being the registry and not the GPO
ASKER
thx for your help/advice
G