Using the Locked Accounts List

Account lockout lets you disable an account after a configurable number of failed login attempts within a configurable period. For example, if a user enters an incorrect password three times within two minutes, SBR Carrier can lock out the user’s account temporarily. During the lockout period, the user cannot log in, even with the correct password.

When a user account is locked out, the user must wait until the lockout period expires, or a network administrator manually clears the lockout status for the account.

Note

Do not enable account lockout and account redirection at the same time. If account lockout and account redirection are both enabled, account lockout is used and account redirection settings are ignored. For information about account redirection, see Account Redirection.

Note

Account lockout works locally only, not globally. Account lockout state is not maintained if SBR Carrier is restarted.

Configuring Locked Account Settings

To configure account lockout, edit the lockout.ini file. For information about the lockout.ini file, see the SBR Carrier Reference Guide.

Unlocking a Locked Account

To unlock a locked account using the Web GUI:

Select RADIUS Configuration > Reports > Locked Accounts.
The Locked Accounts page (Figure 275) appears. This page displays a list of user accounts that have been locked.
Figure 275: Locked Accounts Page
Select the account you want to unlock from the list.
Click Unlock to unlock the selected account.
To unlock all currently locked accounts, click Unlock All.
Note
You can use the LDAP configuration interface to clear a locked-out account by creating and executing an LDIF file with the following commands:

dn: user=user_name, radiusstatus=lockout, o=radius

changetype: delete

Where user_name is the name of the locked-out user.

Unlocking a locked-out user through LCI is supported only for standalone servers.

For information about using the LDAP configuration interface, see Using the LDAP Configuration Interface.