Hi to all,
We have a customer using dual SSID onboarding with AD accounts. The SSID for onboarding is unencrypted and only broadcast in the upper part of the company building. For security reasons the AD locks a user account after 5 failed login attempts. This leads to the following situation: an external person knowing a username could lock this specific user account from outside, or could just start a brute force on a combination of username and password and could lock a huge amount of user accounts.
As far as I know it is not possible to limit the login attempts with ClearPass. Also there is no easy way to put a captcha on the onboarding website.
Does anyone have any idea how to mitigate this issue?
Regards,
Marian