Sharepoint Auth with AD - Max attempts lockout?

  • Question

  • I prefer to just get the details about the setup out of the way before you read my question, so here you go:
    MOSS 12.0.0.6318
    3 Server set up
     1 sql (2k5)
     1 search server/email/excel calc
     1 Cent admin/project/webfront end

    Auth provider info from Cent. Admin: (if setting not mentioned, it is not turned on)
      Auth type: windows
     Anonymous Access - On
      Integrated Windows Auth
              - NTLM
    Client Integration - On

    IIS Settings->Direc Sec. -> Auth & Access Cont:
    Anonymous Access : On & set up
    Auth Access
         - Integrated Windows Auth


    We are currently experiencing problems with SharePoint not allowing people to log in after they do a password change.
     We currently use Novell on our systems linked to AD and everything that pulls from AD gets updated right away with the new password. All of our other applications work properly and we are wondering why this is happening. But that is another problem that we think is related to how our pw change and AD works, not the topic of this question, but is why I am bringing it up.

    I am wondering if SharePoint has any kind of functionality built in that blocks accounts from logging in if too many failed attempts happen in X amount of time. It would make sense to me that it could and probably should have that functionality built in, as a precaution to prevent people from brute-force hacking passwords, but I have not found any documentation about this.

    Anyone know if SharePoint will step in and block login attempts from a particular username after X amount of attempts for X period of time?


    I have other related questions but for the sake of making each post to the point about one problem, I will just make new threads about them.
    Please check out my other question at:
    http://social.technet.microsoft.com/Forums/en-US/sharepointadmin/thread/9433d9b7-87a6-4edd-896a-77c4d5d683cd/

    Thanks in advance!
    • Edited by Graf3X Thursday, November 13, 2008 6:39 PM
    Thursday, November 13, 2008 6:24 PM

Answers

  •  Anyone know if SharePoint will step in and block login attempts from a particular username after X amount of attempts for X period of time?

    You will need to set the account lockout feature up in Active Directory.

    Tools to help with account lockout: http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

    Just remember that you open yourself up to a denial of service attack: someone could repeatedly enter the wrong password for a known username and then lock that user out.
    .NET Developer, Brisbane, Australia, http://httpcode.com
    • Marked as answer by Graf3X Thursday, November 20, 2008 3:01 PM
    Monday, November 17, 2008 1:10 AM
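
The "X attempts in X amount of time" behaviour asked about above maps onto the three Active Directory lockout settings, and the following added example (not part of the original thread) replays a simplified model of them over constructed failed-logon records. It reports when each account locks and whether the failures came from one host, as a client retrying an old password after a change would produce, or from several. The policy values, account names and host names are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed policy values for illustration; the three settings correspond to AD's
# "Account lockout threshold", "Reset account lockout counter after" and
# "Account lockout duration".
THRESHOLD = 5
WINDOW = timedelta(minutes=30)
DURATION = timedelta(minutes=30)

T0 = datetime(2008, 11, 13, 9, 0)
# Constructed failed-logon records: (time, account, source host).
SAMPLE = (
    [(T0 + timedelta(minutes=m), "jdoe", "WKS-014") for m in range(7)]
    + [(T0 + timedelta(minutes=m), "asmith", "WKS-020") for m in (0, 1, 2, 40, 41, 42)]
    + [(T0 + timedelta(minutes=m), "bwong", f"HOST-{m}") for m in range(5)]
)

def simulate(events, threshold=THRESHOLD, window=WINDOW, duration=DURATION):
    """Replay failed logons; return {account: [(locked_at, unlock_at, sources)]}."""
    count, last_fail, locked_until = defaultdict(int), {}, {}
    sources = defaultdict(Counter)
    lockouts = defaultdict(list)
    for ts, user, src in sorted(events):
        if ts < locked_until.get(user, ts):
            continue  # account is locked: the attempt is refused, not counted
        if user in last_fail and ts - last_fail[user] > window:
            count[user] = 0          # quiet period elapsed, counter resets
            sources[user].clear()
        count[user] += 1
        sources[user][src] += 1
        last_fail[user] = ts
        if count[user] >= threshold:
            locked_until[user] = ts + duration
            lockouts[user].append((ts, ts + duration, dict(sources[user])))
            count[user] = 0
            sources[user].clear()
    return dict(lockouts)

def triage(lockouts):
    """Heuristic label per account: failures from one source host vs. several."""
    return {
        user: "single-source" if all(len(s) == 1 for _, _, s in items) else "multi-source"
        for user, items in lockouts.items()
    }

if __name__ == "__main__":
    result = simulate(SAMPLE)
    for user, label in triage(result).items():
        print(user, label, result[user])
```

In the sample, asmith never locks at a threshold of 5 because the 38-minute gap resets the counter, while the two extra attempts against jdoe during the lockout are refused without counting.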