Based on what the AD gurus told me, it's the way Cisco authenticates from CUCM/CUC, so it would have to be a Cisco change.
Anyone in the know at Cisco that can let us know for sure? Thanks! On Tue, Aug 8, 2017 at 11:08 AM, Lelio Fulgenzi <le...@uoguelph.ca> wrote: > That’s a very interesting scenario. I’ve always wondered about that. I > wonder if there’s a way that AD admins can track authentications from CUCM > cluster and apply the lock out rules accordingly? > > > > --- > > Lelio Fulgenzi, B.A. > > Senior Analyst, Network Infrastructure > > Computing and Communications Services (CCS) > > University of Guelph > > > > 519-824-4120 Ext 56354 <(519)%20824-4120> > > le...@uoguelph.ca > > www.uoguelph.ca/ccs > > Room 037, Animal Science and Nutrition Building > > Guelph, Ontario, N1G 2W1 > > > > *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On Behalf > Of *Charles Goldsmith > *Sent:* Tuesday, August 08, 2017 11:55 AM > *To:* voip puck > *Subject:* [cisco-voip] authentication failed alerts > > > > So, a question out to the community about how you deal with this issue. > If an organization is using Webex Messenger for IM and end-users are > connecting Jabber to it, along with phone services and voicemail locally, > jabber is setup with accounts to authenticate to AD locally. SSO is not in > the mix. > > > > When a user's AD password comes up on their expiration and it's changed, > they usually forget to update jabber on their laptop, phone and tablets, > generating a lot of authentication alerts. Those can be filtered down by > adjusting the thresholds. > > > > I'm not an AD guy, but talking with some, when asking about why this > activity is not locking out the AD accounts, I was told that CUCM/CUC uses > a read-only connection to AD, so it will not lock out the accounts. > > > > Because of that problem, we can't simply disable the alerts, we need to > monitor them in case of brute force via MRA. > > > > Any thoughts on a better way to handle this specific scenario? > > > > I may wind up writing a script to consolidate the email authentication > reports into something to give a report on thresholds per user, like > John.Doe had 30 authenticaiton attempts in the last hour, Jane.Smith had > 15, and Mark.Jones had 650. > > > > Thanks! > > >
_______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
