[cisco-voip] authentication failed alerts
Charles Goldsmith
wokka at justfamily.org
Tue Aug 8 11:55:26 EDT 2017
So, a question out to the community about how you deal with this issue. If
an organization is using Webex Messenger for IM and end-users are
connecting Jabber to it, along with phone services and voicemail locally,
jabber is setup with accounts to authenticate to AD locally. SSO is not in
the mix.
When a user's AD password comes up on their expiration and it's changed,
they usually forget to update jabber on their laptop, phone and tablets,
generating a lot of authentication alerts. Those can be filtered down by
adjusting the thresholds.
I'm not an AD guy, but talking with some, when asking about why this
activity is not locking out the AD accounts, I was told that CUCM/CUC uses
a read-only connection to AD, so it will not lock out the accounts.
Because of that problem, we can't simply disable the alerts, we need to
monitor them in case of brute force via MRA.
Any thoughts on a better way to handle this specific scenario?
I may wind up writing a script to consolidate the email authentication
reports into something to give a report on thresholds per user, like
John.Doe had 30 authenticaiton attempts in the last hour, Jane.Smith had
15, and Mark.Jones had 650.
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20170808/d74e4652/attachment.html>
More information about the cisco-voip
mailing list