Users Guide

Parameter    Action/Description

• May not contain User ID or its characters in reversed order.
• May not contain a repeated character four or more times.

Expiry Days
  6. Set the password expiration time for local users.
  The allowed range is 0 to 500 days. The default value is 0.
  NOTE: If the value is set to 0, the password never expires. For any other value, local users are forced to reset the expired password when they log in. W-ClearPass alerts users five days before the password expires.

History
  7. Specify the number of previous passwords for this user to be compared
  This option prevents users from setting a password that was used recently. Valid options are from 1 to 99.

Reminder
  8. Configure the reminder message.
  Setting this option displays a reminder after n days to change the password. The valid options are from 1 to 365. When set, this option only displays a reminder; it does not prompt for a new password.
  The message to be displayed can be set accordingly.
  NOTE: The Reminder parameter is applicable for TACACS+ authentication only. The other settings are applied to all users.

Table 127: Password Policy Parameters (Continued)
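
The composition, Expiry Days and History rules from the table above, as an added Python example that is not code from this guide or from W-ClearPass. The function names, case-insensitive matching, reading "repeated" as consecutive characters, the expiry boundary and the plain-string history are assumptions.

```python
import re
from datetime import date, timedelta

ALERT_DAYS = 5  # the guide: users are alerted five days before expiry


def composition_errors(user_id: str, password: str) -> list[str]:
    """Check the two composition rules listed in the table.
    Assumptions: matching is case-insensitive, and "repeated" means the
    same character four or more times in a row."""
    errors = []
    uid, pw = user_id.lower(), password.lower()
    if uid and (uid in pw or uid[::-1] in pw):
        errors.append("contains User ID or its reverse")
    if re.search(r"(.)\1{3,}", pw):
        errors.append("character repeated four or more times")
    return errors


def expiry_state(last_changed: date, expiry_days: int, today: date) -> str:
    """Return 'never', 'ok', 'alert' or 'expired' for an Expiry Days value."""
    if not 0 <= expiry_days <= 500:
        raise ValueError("Expiry Days must be 0 to 500")
    if expiry_days == 0:  # 0 means the password never expires
        return "never"
    expires_on = last_changed + timedelta(days=expiry_days)
    if today >= expires_on:  # assumption: expired from the expiry date on
        return "expired"     # user must reset the password at next login
    if (expires_on - today).days <= ALERT_DAYS:
        return "alert"
    return "ok"


def reused(candidate: str, previous: list[str], history: int) -> bool:
    """History rule: True if candidate is among the last `history` passwords.
    Constructed inputs are plain strings; a real store would compare hashes."""
    if not 1 <= history <= 99:
        raise ValueError("History must be 1 to 99")
    return candidate in previous[-history:]
```
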
Disabling Local User Accounts
Disabling a local user account can happen in two ways:
• When a local user tries to log in with an invalid password for a configured number of times defined by the Failed attempts count parameter, the local user account is locked.
  If the mechanism for logging in to W-ClearPass Policy Manager is Certificate + Password, the local user is allowed to enter the password even if the certificate is invalid.
• When the local user tries to log in with an invalid user certificate for a configured number of times defined by the Failed attempts count parameter, the local user account is disabled.
  A local user’s failed login attempts are counted only when the Password_Mismatch, Password_Not_Available, and User_Authentication_Failed error messages occur.
• To reset the Failed attempts count and enable a disabled local user account, click the Reset button (see Table 128).
• For local users whose accounts are locked due to account settings validations, and whose accounts are enabled again after being locked out, entries are logged in both the Audit Viewer (see Audit Viewer on page 167) and the Event Viewer (see Event Viewer on page 169).
The Disable Account check occurs every day at midnight, except for the Failed attempts count. Other local
user configuration settings are applied to all local users.
To specify the conditions for disabling local user accounts:
1. Navigate to Configuration > Identity > Local Users.
Dell Networking W-ClearPass Policy Manager 6.6 | User Guide Configuring Identity Settings | 257