Wireless Access

Reply
New Contributor
Posts: 4
Registered: ‎03-12-2013

Account lock out

A user's AD account is getting locked out from our Aruba system, but she doesn't have a laptop..so there is no reason why her PC should even be trying to authenticate to the Aruba System.

 

This is the message I am seeing in Clearpass.

 

RADIUS MSCHAP: AD status:Account locked out (0xc0000234)
MSCHAP: AD status:Account locked out (0xc0000234)
MSCHAP: Authentication failed
EAP-MSCHAPv2: User authentication failure

 

 


How do I track down what device could be using her AD account to log into the Aruba system?

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Account lock out

From the auth record, lookup in the MAC address in the endpoints database.  Hopefully, you have device profiling configured within ClearPass.  If this is a user auth into a website (like controller UI), look for the Radius NAD IP address or Framed IP address and try to track it down from there.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
MVP
Posts: 4,238
Registered: ‎07-20-2011

Re: Account lock out

 

In the access tracker computed attributes can you see client mac address ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor
Posts: 4
Registered: ‎03-12-2013

Re: Account lock out

yes. So i looked up the MAC address in the controller and it looks like it's her Iphone connected to the guest access. Why would Clearpass show her trying to authenticate to the internal wifi?

 

MVP
Posts: 4,238
Registered: ‎07-20-2011

Re: Account lock out

Have you tried removing that SSID/Network from her phone? to make sure its not trying to authenticate against that SSID 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: