If you're using AD as your authentication source, look at implementing "Password history check (N-2)" With Password history check (N-2), as long as the password being used is one of the last two in the history file, the bad password count is not incremented... thus, no account lockout when using an old, but valid password. That is, while the user can't authenticate using the old password (it still fails as an incorrect password), account lookout doesn't occur. It works around the problem where a user changes their password on say their desktop, and then their mobile device instantly locks their account as it attempts to auth on WPA. Jeff
>>> On Monday, April 14, 2014 at 1:52 PM, in message <[email protected]>, "Alexander, David" <[email protected]> wrote: Hi, We’ve been experiencing an issue with AD account lockouts when someone tries to change their password, but they have a device that continues to connect using the old password. It’s been a big support issue for us to try to figure out which device is causing the lockout. I wanted to know if any other schools are experiencing this issue and if you have any recommended solutions you can share. Thanks, Dave ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
