802.1x authentication problem - mobile devices
The main problem is the blocking of domain accounts for failed attempts.
A case is described below:
I have two 7210 controllers and a ClearPass (CPPM) HW-5K, working well and integrated with the 802.1x service configuration.
A) The problem is that the accounts have active policies, which state that after 6 failed attempts the account is locked. The policy also requires that the account password be changed every month.
These account policies are causing problems because the accounts get locked every time users change their passwords. This problem has become critical because users use their mobile devices (iPhone, iPad, Android, BlackBerry, etc.) to connect to the 802.1x network, as the entity permits this.
Then, when they change their account passwords, these mobile devices automatically keep trying to connect with the wrong passwords, and that is where the accounts get locked.
Solutions executed:
1. This configuration was made to prevent failed password attempts from locking the account: (&(&(sAMAccountName=%{Authentication:Username})(objectClass=user))(!(badPwdCount>=4))) but the query does not work, because when it was checked by querying the servers from the CPPM, it showed that the option "badPwdCount" did not increase at each attempt.
We detected that the client had 4 Active Directory servers and that the "Source" in ClearPass only queried the primary server and, even though it has three backups, does not query the others unless the primary is down. [attached image 1]
B) Another problem happens with mobile devices (iPhone, iPad): when the user has changed the account password, the device asks for the new password on the second attempt, but when the new password is entered it fails to complete the authentication, because the ClearPass log shows that it is not the correct password.
Other mobile devices do not ask for the new password; they just try and try until the account is locked.
The only way found to solve this problem is to delete the already created 802.1x network on the mobile devices (iPhone, iPad, Android, etc.) and reconnect, and then it works again.
How could I solve this problem?
Could you indicate whether this is simply how the iPhone and other mobile devices behave, or whether I need some settings on the ClearPass or the controller?
#7210
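The single-server observation in the post, as an added example that is not part of the original post and not Aruba's code: Active Directory keeps badPwdCount separately on each domain controller, so a filter evaluated on the primary alone can still match while another server has already counted the failures. Hostnames, the user and the counter values are constructed, the function names are hypothetical, and denying when any queried server is at the threshold is an assumed policy.

```python
# Added example: constructed data; function names and hostnames are hypothetical.
MAX_BAD = 4  # threshold used in the filter quoted in the post


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a search-filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(username, max_bad=MAX_BAD):
    """Build the post's filter: match the user only while badPwdCount < max_bad."""
    return ("(&(&(sAMAccountName=%s)(objectClass=user))(!(badPwdCount>=%d)))"
            % (escape_filter_value(username), max_bad))


def dc_matches(entry, username, max_bad=MAX_BAD):
    """Apply the same three conditions to one DC's copy of the user entry."""
    return (entry["sAMAccountName"].lower() == username.lower()
            and "user" in entry["objectClass"]
            and int(entry["badPwdCount"]) < max_bad)


def check(views, username, servers):
    """Return {server: matched} for the servers that are actually queried."""
    return {s: dc_matches(views[s], username) for s in servers}


def allow_auth(views, username, servers):
    """Assumed policy: allow only if every queried DC still matches."""
    return all(check(views, username, servers).values())


def _entry(bad_count):
    return {"sAMAccountName": "jdoe", "objectClass": ["top", "person", "user"],
            "badPwdCount": str(bad_count)}


# Constructed snapshot: the phone's stale password was rejected by dc3 only.
VIEWS = {"dc1.example.test": _entry(0), "dc2.example.test": _entry(0),
         "dc3.example.test": _entry(5), "dc4.example.test": _entry(1)}
PRIMARY_ONLY = ["dc1.example.test"]

if __name__ == "__main__":
    print(build_filter("jdoe"))
    print("primary only:", check(VIEWS, "jdoe", PRIMARY_ONLY),
          "->", allow_auth(VIEWS, "jdoe", PRIMARY_ONLY))
    print("all servers: ", check(VIEWS, "jdoe", sorted(VIEWS)),
          "->", allow_auth(VIEWS, "jdoe", sorted(VIEWS)))
```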