Radius authentication locked out policy

We setup a radius server on windows 2012 to authenticate our wireless.
everyone has a mac here and so when connecting to our wireless we need to type our AD credentials.
I wrote the policy that after 5 failed attempts the account will be locked but that didnt work.
I then found this article: https://technet.microsoft.com/en-us/library/dd197529(v=ws.10).aspx and made the changes but that still didnt work.

anyone has a suggestion on how I can make sure that failed login to connect to the wireless will lock the account?

thx

Gaetan
odewulfPresidentAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

odewulfPresidentAuthor Commented:
after spending hours on this, I can see the that GPO I created is not applying the account policies. it does apply the auditing part so I know the policy works but any changes I make to the account policies are not showing up when I run rsop.msc

thx for your help/advice

G
odewulfPresidentAuthor Commented:
ok so using the registry key I kinda make it work.

the NPS is on one of our DC and I changed teh key there but that doesnt work. I then changed the key on our SBS server and it shows the locked account int eh registry.
unfortunately if I entered the right password it does unlock me automatically which is kind of stupid as there is no point of having that policy in place if the user can just unlock himself

thx
kevinhsiehCommented:
Where are you applying the GPO? It needs to apply to your domain controllers OU.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

odewulfPresidentAuthor Commented:
yes it is applied to the DC OU.
other settings in that policy are updated and pushed if I changed them, just not the account policies.
it is the only policy applied so nothing to over write the settings.
I am just puzzled right now
arnoldCommented:
Use GPMC to run policy results wizard on the NPS/DC it will show you which GPO is enforcing the password policy..

Is this a brand new domain in 2012, or this is a domain that is of a long running firm, ...

Pre 2008 password policy was managed through default domain GPO. Only.
odewulfPresidentAuthor Commented:
ok I figured out the issue. for the radius it does not use GPO anyway but the registry key. the strange thing is that I needed to change the key on the SBS and not on the Radius server

thx

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
odewulfPresidentAuthor Commented:
found the issue being the registry and not the GPO
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.