Network Management

Reply
MVP
Posts: 2,930
Registered: ‎10-25-2011

Login attemps for airwave

Hello I would like to know how many bad login attemps does airwave accept until it disable your account? It is posssible to change this value? Also if its possible to see anywhere with cli this information? like how many bad login attemps is configured? Cheers Carlos
----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 2,930
Registered: ‎10-25-2011

Re: Login attemps for airwave

Anyone??

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 8,197
Registered: ‎09-08-2010

Re: Login attemps for airwave

The account locks after 10 attempts. You'd have to dig into SQL commands to check the number of attempts.

 

Sounds like an RFE for seeing it in the GUI.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Moderator
Posts: 1,251
Registered: ‎10-16-2008

Re: Login attemps for airwave

[ Edited ]

I answered something similar a while back, see:

http://community.arubanetworks.com/t5/Network-Management/Airwave-Password-Recovery/m-p/34149/highlight/true#M351

 

------figured I'd copy my reply here------

Keep in mind that in AMP 8+, there's an additional column 'is_enabled' that should be set to 1.  You may also need to reset 'login_attempts' as well (by default, the max login attempts is 10 tries before account is disabled).

 

# dbc "select * from users where username='admin';"

-[ RECORD 1 ]---+-------------------------------------------------------------------------------------------------------------------------------
id | 1
username | admin
password | 2cf94b0aea63ebf7bf41c90fe500603e
role_id | 5
full_name |  admin
email |  admin@blank.com
phone |  555-555-5555
notes |
password_format | md5
login_attempts | 0
is_enabled | 1

 

 

------and answering the rest of your question------

1) You can parse for login attempts on the /var/log/httpd/access_log

2) If 10 login attempts is not enough, you can set it to a higher value like so:

# dbc 'update seas_config set max_login_attempts=100'

Keep in mind that the more attempts allowed, the more open you allow the system to be against brute force attacks from the UI.

3) The users.login_attempts are reset after a successful login.

4) When users.login_attempts meets the value of seas_config.max_login_attempts, is_enabled is set to 0 which means the account is disabled and requires an admin user to reset (admin users can re-enable accounts from the AMP Setup -> Users page)


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
MVP
Posts: 2,930
Registered: ‎10-25-2011

Re: Login attemps for airwave

Hello Rob

The client ask me if there was a way to see in the config that the max client attemps is set to 10.

 

Liek if i were on a switch and i do like a show run and i see that value set on it somehwere in it.

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Moderator
Posts: 1,251
Registered: ‎10-16-2008

Re: Login attemps for airwave

Unless they changed it, it's default is 10.

 

# dbc 'select max_login_attempts from seas_config;'

 

The ouput should be considered as max login attempts allowed prior to user account getting disabled / lock out.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
MVP
Posts: 2,930
Registered: ‎10-25-2011

Re: Login attemps for airwave

thanks!! this command works on airwave 7?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Moderator
Posts: 1,251
Registered: ‎10-16-2008

Re: Login attemps for airwave

No, this feature was implemented in a sub 8.0.x release.  I'd have to load a 7.7 server to check what the behavior was back then.  At this point though, no one should be on 7.7 since 8.0.11.2 should be very stable ::thumps up emoticon:: (posted to support site last Friday).


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Search Airheads
Showing results for 
Search instead for 
Did you mean: