Symptom:
Users accounts that have not exceeded the number of permitted failed login attempts are becoming disabled.
Solution:
Check the incorrect password settings. The setting for disabling an account after a specific number of consecutive incorrect password attempts may be too low.
Setting this value too low causes a problem when two or more users, which are located in different user directories, have the same user name. When the Policy Server attempts to authorize a user, it checks all user names that correspond to the login and then attempts to match the password. If the Policy Server finds a user name that the password does not match, it records a failed attempt for that user. If this happens more than the number of times specified by the in the incorrect password settings, the account is disabled.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |