Extreme Networks

shakil_khan · ‎11-22-2014

Hi
Can anyone tell me what the syntax is for setting an account when it is locked out so that it waits for 120 seconds then the user can re-try again to login?

configure account tom password-policy lockout-on-login-failures on

the above command allows the user tom to lock his account after 3 failed attemtps

Drew_C · ‎12-01-2014

Hi Shakil,
EXOS currently doesn't support an option to automatically re-enable accounts based on a timer.
The command you have described is the closest match to what you're trying to accomplish.
configure account [ all | name] password-policy lockout-on-login-failures [ on | off]
You can configure the maximum number of failed logins before a session is terminated (except via SSH).
configure cli max-failed-logins num-of-loginsTo re-enable an account that has been locked out, an administrator must login and use this command.
clear account [ all | name] lockoutIf you'd like to submit a feature request to enable time-based unlock, I ask that you contact your local SE.

-Drew

George_Georgopo · ‎12-01-2014

How it works with ssh? only 2 attempts allowed?

configure account "name" password-policy lockout-on-login-failures on
configure account "name" password-policy lockout-time-period 5

I know that this conf is about console connections. What if we need to lock out a user after "x" attempts in ssh. What is the status?

James_A · ‎12-01-2014

Since this is the top result in Google, it's worth noting that time-based unlock has been available since XOS 16.1. It's configured with the lockout-time-period option to configure account, and seems to default to 5 minutes.

Extreme Networks

XOS account lockout policy setting

XOS account lockout policy setting