Question

10.8.5 Macs logging 2 incorrect attempts against Active Directory with one bad try. badPwdCount

  • October 30, 2013
  • 8 replies
  • 44 views


Hey guys,

I just wanted to see if you have seen this issue.

Users will type in the password wrong once, but it will actually log 2 incorrect attempts to Active Directory.

dsAttrTypeNative:badPwdCount: 2

I even found a post from Rich talking about this very issue.

"Mountain Lion can send multiple password attempts for each attempt by the user. I had a case open with AppleCare Enterprise about the same issue and the eventual solution was to raise the lockout level."

Raising the lockout level is not going to be a solution here, even though it may be one for other people.

I guess the real question is why is it logging 2? We are going to try and look at the individual event lockout logs on the AD server.

8 replies

  • Contributor
  • October 30, 2013

I have been seeing this in our environment as well. I could not reproduce it every time, but now and then we have customers call being locked out, saying they typed it incorrectly 1 time.

We are using AD as well, and our policy is set to lockout after 5 unsuccessful.


dpertschi
  • Contributor
  • October 31, 2013

@agirardi: can you share the URL to Rich's post on this? I can't find it.

This worries me.

Thanks, D.


  • Hall of Fame
  • October 31, 2013

I'd posted this to Apple's Client Management list:

http://lists.apple.com/archives/client-management/2013/Sep/msg00001.html


armando
  • Contributor
  • October 31, 2013

We've been having this issue since 10.8 came out and were forced to stay at 10.7.x because of it. They did fix it in Mavericks so maybe I will just skip 10.8 altogether.


  • Author
  • Valued Contributor
  • October 31, 2013

Interesting, so it's confirmed 1 bad attempt is passed with 10.9?

We are going to put in a ticket on this. The problem is everyone else probably did too and it was not fixed. The answer we will get back will be to upgrade to 10.9 for the fix. :(


mm2270
  • Legendary Contributor
  • October 31, 2013

Apple's answer to just about anything fixed recently is to upgrade to 10.9. Mavericks *IS* the upgrade to anything from 10.6 through 10.8, didn't ya know? Apparently they don't see what the problem is with this and we're all just crazy.


  • Contributor
  • November 1, 2013

Yeah, upgrade to 10.9 was Apple's response to the 802.1x+wifi issues with the system keychain in 10.8.


  • Author
  • Valued Contributor
  • December 10, 2013

Yes, this has been fixed in 10.9.

Still, though, what was changed? I want to have it working on 10.8 but I know I am out of luck on that front.