Network Management

Hello I would like to know how many bad login attemps does airwave accept until it disable your account? It is posssible to change this value? Also if its possible to see anywhere with cli this information? like how many bad login attemps is configured? Cheers Carlos

Anyone??

 

Cheers

Carlos

The account locks after 10 attempts. You'd have to dig into SQL commands to check the number of attempts.

 

Sounds like an RFE for seeing it in the GUI.

I answered something similar a while back, see:

http://community.arubanetworks.com/t5/Network-Management/Airwave-Password-Recovery/m-p/34149/highlight/true#M351

 

------figured I'd copy my reply here------

Keep in mind that in AMP 8+, there's an additional column 'is_enabled' that should be set to 1.  You may also need to reset 'login_attempts' as well (by default, the max login attempts is 10 tries before account is disabled).

 

# dbc "select * from users where username='admin';"

-[ RECORD 1 ]---+-------------------------------------------------------------------------------------------------------------------------------
id | 1
username | admin
password | 2cf94b0aea63ebf7bf41c90fe500603e
role_id | 5
full_name |  admin
email |  admin@blank.com
phone |  555-555-5555
notes |
password_format | md5
login_attempts | 0
is_enabled | 1

 

 

------and answering the rest of your question------

1) You can parse for login attempts on the /var/log/httpd/access_log

2) If 10 login attempts is not enough, you can set it to a higher value like so:

# dbc 'update seas_config set max_login_attempts=100'

Keep in mind that the more attempts allowed, the more open you allow the system to be against brute force attacks from the UI.

3) The users.login_attempts are reset after a successful login.

4) When users.login_attempts meets the value of seas_config.max_login_attempts, is_enabled is set to 0 which means the account is disabled and requires an admin user to reset (admin users can re-enable accounts from the AMP Setup -> Users page)

Hello Rob

The client ask me if there was a way to see in the config that the max client attemps is set to 10.

 

Liek if i were on a switch and i do like a show run and i see that value set on it somehwere in it.

 

Cheers

Carlos

Unless they changed it, it's default is 10.

 

# dbc 'select max_login_attempts from seas_config;'

 

The ouput should be considered as max login attempts allowed prior to user account getting disabled / lock out.

thanks!! this command works on airwave 7?

No, this feature was implemented in a sub 8.0.x release.  I'd have to load a 7.7 server to check what the behavior was back then.  At this point though, no one should be on 7.7 since 8.0.11.2 should be very stable ::thumps up emoticon:: (posted to support site last Friday).