Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

badPwdCount parameter in CPPM

This thread has been viewed 3 times

  • 1.  badPwdCount parameter in CPPM

    Posted Aug 19, 2014 01:02 PM

    In Clearpass, Authentication - Sources - <AD> 

    When I browse to a certain user, it shows the badPwdCount is 4.

     

    However, that users password has just been reset, and they have successfully logged in.

    It's been over 2 hours, and it still has not reset.

    The 'Clear Cache' button in CPPM didn't change anything either.

     

    Where does CPPM get this information, and how often does it update it?

     

    Thanks,

    Tony



  • 2.  RE: badPwdCount parameter in CPPM

    EMPLOYEE
    Posted Aug 19, 2014 01:04 PM

    What is your cache timeout set to in your AD auth source?

     

    auth-source-ad-cache.JPG

     

    Also, can you use something like ADSIEdit to verify that the data is different in ClearPass vs AD?



  • 3.  RE: badPwdCount parameter in CPPM

    Posted Aug 19, 2014 01:18 PM

    Hi Tim:

    Thanks, I had forgotten about adsiedit.

     

    And that showed the issue. The badPwdCount for this user was different on different DC's. CPPM was reading it correctly.

     

    That's odd, because repadmin showed that domain sync happened successfully a few minutes ago.

     

    I know this is now a Microsoft question, but any ideas on what would cause that?

     

    Thanks,

    Tony