I had this problem due a VM trying to connect to a shared network drive using cached credentials and locking out the account. I’ll pass this info on to my AD folks – thanks!
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Jeffrey Sessler Sent: Monday, April 14, 2014 4:00 PM To: [email protected] Subject: Re: [WIRELESS-LAN] account lockouts when changing passwords If you're using AD as your authentication source, look at implementing "Password history check (N-2)" With Password history check (N-2), as long as the password being used is one of the last two in the history file, the bad password count is not incremented... thus, no account lockout when using an old, but valid password. That is, while the user can't authenticate using the old password (it still fails as an incorrect password), account lookout doesn't occur. It works around the problem where a user changes their password on say their desktop, and then their mobile device instantly locks their account as it attempts to auth on WPA. Jeff ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
