Wireless Access

last person joined: 9 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Account lock out

This thread has been viewed 9 times

  • 1.  Account lock out

    Posted Nov 18, 2013 12:33 PM

    A user's AD account is getting locked out from our Aruba system, but she doesn't have a laptop..so there is no reason why her PC should even be trying to authenticate to the Aruba System.

     

    This is the message I am seeing in Clearpass.

     

    RADIUS MSCHAP: AD status:Account locked out (0xc0000234)
    MSCHAP: AD status:Account locked out (0xc0000234)
    MSCHAP: Authentication failed
    EAP-MSCHAPv2: User authentication failure

     

     


    How do I track down what device could be using her AD account to log into the Aruba system?



  • 2.  RE: Account lock out

    EMPLOYEE
    Posted Nov 18, 2013 12:55 PM

    From the auth record, lookup in the MAC address in the endpoints database.  Hopefully, you have device profiling configured within ClearPass.  If this is a user auth into a website (like controller UI), look for the Radius NAD IP address or Framed IP address and try to track it down from there.



  • 3.  RE: Account lock out

    Posted Nov 18, 2013 12:58 PM

     

    In the access tracker computed attributes can you see client mac address ?



  • 4.  RE: Account lock out

    Posted Nov 18, 2013 01:02 PM

    yes. So i looked up the MAC address in the controller and it looks like it's her Iphone connected to the guest access. Why would Clearpass show her trying to authenticate to the internal wifi?

     



  • 5.  RE: Account lock out

    Posted Nov 18, 2013 01:07 PM

    Have you tried removing that SSID/Network from her phone? to make sure its not trying to authenticate against that SSID