We use Splunk to identify the source host if a user is getting locked out, we already had Splunk it wasn't purchased for this use but it's a pretty flexible tool.
It can help us tell if it's a device trying to login to wireless, or if its software on a particular computer. But it won't tell you what that software is, just identifies the host from AD logs. A number of users tell us they only have 1-2 devices, and this identifies a second computer, phone or tablet. I just went through the process myself, not so fun there's always something that slips through. I updated everything in the Windows Credentials Manager, however there are some things that don't use that. Got done by the WebEx MAPI client. The situation still isn't ideal, but at least we can help point people in the right direction. The password history check feature sounds great though -- Jason Cook The University of Adelaide, AUSTRALIA 5005 Ph : +61 8 8313 4800 e-mail: [email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Alexander, David Sent: Tuesday, 15 April 2014 6:23 AM To: [email protected] Subject: [WIRELESS-LAN] account lockouts when changing passwords Hi, We've been experiencing an issue with AD account lockouts when someone tries to change their password, but they have a device that continues to connect using the old password. It's been a big support issue for us to try to figure out which device is causing the lockout. I wanted to know if any other schools are experiencing this issue and if you have any recommended solutions you can share. Thanks, Dave ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
