Frequent Contributor II

badPwdCount parameter in CPPM

In ClearPass, Authentication - Sources - <AD>

When I browse to a certain user, it shows the badPwdCount is 4.


However, that user's password has just been reset, and they have successfully logged in.

It's been over 2 hours, and it still has not reset.

The 'Clear Cache' button in CPPM didn't change anything either.


Where does CPPM get this information, and how often does it update it?




Guru Elite

Re: badPwdCount parameter in CPPM

What is your cache timeout set to in your AD auth source?




Also, can you use something like ADSIEdit to verify that the data is different in ClearPass vs AD?

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: badPwdCount parameter in CPPM

Hi Tim:

Thanks, I had forgotten about adsiedit.


And that showed the issue. The badPwdCount for this user was different on different DCs. CPPM was reading it correctly.


That's odd, because repadmin showed that domain sync happened successfully a few minutes ago.


I know this is now a Microsoft question, but any ideas on what would cause that?
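
The per-DC comparison done by hand with ADSIEdit above can be scripted. This is an added example, not part of the original posts. badPwdCount is maintained separately on each domain controller rather than replicated, so each DC is queried directly. It assumes the RSAT ActiveDirectory module is installed; `jdoe` is a placeholder account name and `Get-BadPwdCountPerDC` is a hypothetical helper name.

```powershell
# Added example: read one account's bad-password state from every DC.
# Assumes the RSAT ActiveDirectory module; 'jdoe' is a placeholder account.
Import-Module ActiveDirectory

function Get-BadPwdCountPerDC {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName
    )
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            # -Server pins the query to this DC, so the values returned are
            # that DC's own copy of the non-replicated attributes.
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                -Properties badPwdCount, badPasswordTime, lockoutTime `
                -ErrorAction Stop

            # badPasswordTime is a FILETIME; 0 or empty means no failure seen here.
            $lastBad = if ($u.badPasswordTime -gt 0) {
                [DateTime]::FromFileTimeUtc($u.badPasswordTime)
            } else { $null }

            [pscustomobject]@{
                DC                 = $dc.HostName
                BadPwdCount        = $u.badPwdCount
                LastBadPasswordUtc = $lastBad
                LockedOut          = ($u.lockoutTime -gt 0)
                Error              = $null
            }
        } catch {
            # An unreachable DC is reported, not silently skipped.
            [pscustomobject]@{
                DC = $dc.HostName; BadPwdCount = $null
                LastBadPasswordUtc = $null; LockedOut = $null
                Error = $_.Exception.Message
            }
        }
    }
}

$rows = Get-BadPwdCountPerDC -SamAccountName 'jdoe'
$rows | Format-Table -AutoSize

# Flag divergence between DCs, which is what ClearPass surfaced in this thread.
$distinct = $rows | Where-Object { -not $_.Error } |
    Select-Object -ExpandProperty BadPwdCount -Unique
if (@($distinct).Count -gt 1) {
    Write-Warning "badPwdCount differs between domain controllers for 'jdoe'."
}
```

The DC that ClearPass is bound to in the AD authentication source determines which of these rows it displays.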



