• Resolved bailz564

    (@bailz564)


    Hi,

    I am using NADI to import AD accounts into a WordPress site. WP accounts are created when a user logs in; I am not using automatic import from AD to WP, nor am I syncing profile changes back to AD.

    However, I have recently noticed that the WordPress server is causing AD lockouts for accounts that exist in the WP database by trying to auth with a bad password. Can you suggest what might be causing this?

    Thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author schakko

    (@schakko)

    Hi @bailz564,
    if your user’s account gets locked, it might be due to the “Account Lockout Policy” of your Domain Controller’s GPO.
    You can find the corresponding group policy here:
    Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy.

    From NADI’s side, there is nothing we can do. You could either use a custom WordPress solution to prevent brute force logins or configure the corresponding GPO.

    Thread Starter bailz564

    (@bailz564)

    Hi schakko,

    Yes, it is absolutely down to the Account Lockout Policy, but I’m more interested in why NADI is attempting to authenticate roughly every 30 minutes and eventually causing these lockouts.

    When testing with my own account, I am logging in to WordPress with my current password, yet my account is locked out 3 or 4 times a day by failed authentication attempts from the WordPress server.

    Plugin Author schakko

    (@schakko)

    NADI itself does not store your password (aside from the required service accounts for Sync to WP/AD – which you are not using).

    – Are you using some tools like Windows Live Writer which periodically logs in into WordPress/NADI?
    – Does NADI’s debug.log show any suspicious activity?

    Thread Starter bailz564

    (@bailz564)

    We are not using anything like Windows Live Writer.

    I see nothing that I wouldn’t expect to see in the debug.log. Although I only just enabled this after your earlier message. It only appears to log each time a user logs in.

    I have since disabled the NADI plugin and the authentication attempts and lockouts have stopped. I haven’t seen any auth requests hitting our DC in the last hour.

    Plugin Author schakko

    (@schakko)

    @bailz564
    NADI is responsible for doing the authentication, but there is nothing like an automatic login procedure.

    My second guesses would be:
    – Some other plug-ins which are firing WordPress ‘wp_authenticate’ hook (which NADI is listening to)
    – Browser plug-ins which are trying to re-authenticate (which triggers NADI’s authentication)

    Some further questions:
    – Are there any other WordPress plug-ins installed which have to do with security-related topics?
    – Have you checked at which intervals (e.g. every 120 minutes) those re-authentications happen?
    – Can you correlate the authentication with some HTTP requests (e.g. by comparing the timestamps with Apache’s access.log)?

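The last two questions above (the interval of the re-authentications, and correlating them with Apache’s access.log) can be answered from the logs mechanically. The script below is an added example and not part of this thread or of the NADI plugin: it parses a few constructed Apache combined-format access.log lines and a constructed list of failed-authentication timestamps (the one-timestamp-per-line format of that second input, and the assumption that it is in UTC, are mine; NADI’s real debug.log layout is not shown in the thread), lists the HTTP requests that fall within a few seconds of each failure, tallies which source IP, path and User-Agent keep coinciding with them, and reports the dominant gap between failures so a periodic client stands out.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample access.log (Apache combined format); not real traffic.
# 10.0.0.5 is an interactive browser; 10.0.0.9 is a client polling every 30 min.
ACCESS_LOG = """\
10.0.0.5 - - [12/Mar/2021:08:00:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2021:08:00:03 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2021:08:30:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 420 "-" "SomeClient/1.0"
10.0.0.9 - - [12/Mar/2021:09:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 420 "-" "SomeClient/1.0"
10.0.0.9 - - [12/Mar/2021:09:30:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 420 "-" "SomeClient/1.0"
10.0.0.5 - - [12/Mar/2021:09:45:10 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Constructed failed-auth timestamps for one account (assumed format, assumed UTC).
FAILED_AUTH = """\
2021-03-12 08:30:01 authentication failed for jdoe
2021-03-12 09:00:02 authentication failed for jdoe
2021-03-12 09:30:02 authentication failed for jdoe
"""

ACCESS_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_access_log(text):
    """Parse Apache combined-format lines into dicts with a tz-aware timestamp."""
    entries = []
    for line in text.splitlines():
        m = ACCESS_LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the analysis
        entry = m.groupdict()
        entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry["status"] = int(entry["status"])
        entries.append(entry)
    return entries


def parse_failed_auth(text):
    """Parse lines starting with 'YYYY-MM-DD HH:MM:SS'; treated as UTC (assumption)."""
    stamps = []
    for line in text.splitlines():
        try:
            ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        stamps.append(ts.replace(tzinfo=timezone.utc))
    return stamps


def correlate(failures, requests, window=timedelta(seconds=5)):
    """For each failed auth, collect the HTTP requests within +/- window of it."""
    return [(f, [r for r in requests if abs(r["ts"] - f) <= window]) for f in failures]


def suspect_sources(correlated):
    """Count (ip, path, user-agent) triples over all requests that coincide with failures."""
    counts = Counter()
    for _, reqs in correlated:
        for r in reqs:
            counts[(r["ip"], r["path"], r["ua"])] += 1
    return counts


def dominant_interval_minutes(failures):
    """Most common gap between consecutive failures, rounded to whole minutes."""
    stamps = sorted(failures)
    gaps = [round((b - a).total_seconds() / 60) for a, b in zip(stamps, stamps[1:])]
    return Counter(gaps).most_common(1)[0][0] if gaps else None


if __name__ == "__main__":
    requests = parse_access_log(ACCESS_LOG)
    failures = parse_failed_auth(FAILED_AUTH)
    correlated = correlate(failures, requests)
    for f, reqs in correlated:
        print(f.isoformat(), "->", [(r["ip"], r["path"], r["ua"]) for r in reqs])
    print("repeating sources:", suspect_sources(correlated).most_common(3))
    print("dominant interval (min):", dominant_interval_minutes(failures))
```

On real data, point the two parsers at the actual files and widen the correlation window if the web server and the log writing the failures are not clock-synchronised; a source that appears once per failure with a fixed interval is the client to look at first.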
  • The topic ‘AD Account Lockout’ is closed to new replies.