Page 1 of 1
view account lockout policy
Posted: Tue Sep 21, 2021 8:59 pm
How can i view the account lockout policy on AccessServer?
Re: view account lockout policy
Posted: Wed Sep 22, 2021 5:51 am
The default policy is that after 3 failed login attempts on a user account, that user account will be blocked from being able to log in for 15 minutes. After that it is released again. All commands mentioned below are assumed to be run as root user in the /usr/local/openvpn_as/scripts/ directory.
Set the number of authentication failures after which the user will be locked out (default is 3):
./sacli --key "vpn.server.lockout_policy.n_fails" --value <NUMBER> ConfigPut
Release the lockout on a user after the specified amount of seconds passes (default is 900 seconds, or 15 minutes):
./sacli --key "vpn.server.lockout_policy.reset_time" --value <SECONDS> ConfigPut
To see what the current lockout policy is;
./sacli configquery | grep "lockout_policy"
If there are no results from that last command it means the default applies.