Admin account lockout policy for the NSX-T Edge and Manager nodes

Article ID: 316650

Products

VMware NSX

Issue/Introduction

Symptoms:
After a number of failed login attempts, you see this symptom:

The NSX-T Manager or Edge node automatically locks out.

Environment

VMware NSX-T

Cause

By default, the lockout is triggered after 5 failed attempts and the lockout period is 900 seconds (15 minutes).

The NSX lockout policy is a security feature that disables a user account when a certain number of failed login attempts occur due to wrong passwords within a certain interval of time.

Notes:
  • During a lockout period, if a failed login attempt occurs, the lockout period will reset.
  • After the lockout period expires (without any failed login attempts), the account is automatically unlocked.
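
The lockout behaviour described in the notes above, modelled as an added Python example (not VMware code and not part of the original article). The names LockoutPolicy and replay are hypothetical, and the model assumes that failures are counted until a successful login or a lockout expiry, and that a correct password entered during a lockout is rejected without extending it.

```python
# Added example: a model of the lockout rules stated in this article.
# Assumptions (not from the article): failures are counted until a successful
# login or until a lockout expires, and a correct password submitted during a
# lockout is rejected without extending the lockout.
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    max_auth_failures: int = 5   # article default: 5 failed attempts
    lockout_period: int = 900    # article default: 900 seconds
    failures: int = 0
    locked_until: Optional[float] = None

    def is_locked(self, now: float) -> bool:
        # Automatic unlock once the lockout period has passed.
        if self.locked_until is not None and now >= self.locked_until:
            self.locked_until = None
            self.failures = 0
        return self.locked_until is not None

    def attempt(self, now: float, password_ok: bool) -> str:
        if self.is_locked(now):
            if not password_ok:
                # A failed attempt during lockout restarts the period.
                self.locked_until = now + self.lockout_period
            return "locked"
        if password_ok:
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_auth_failures:
            # This failure reaches the threshold, so the account locks now.
            self.locked_until = now + self.lockout_period
            return "locked"
        return "failed"


def replay(policy, events):
    """events: constructed (time_in_seconds, password_ok) pairs."""
    return [(t, policy.attempt(t, ok)) for t, ok in events]


if __name__ == "__main__":
    # Constructed timeline using the values from the article's examples.
    events = [(0, False), (10, False), (60, False), (130, True), (181, True)]
    for t, result in replay(LockoutPolicy(2, 120), events):
        print(f"t={t:>4}s  {result}")
```

In the constructed timeline, the failed attempt at 60 seconds moves the unlock time from 130 to 180 seconds, so the correct password at 130 seconds is still rejected.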

Resolution

The account lockout policy can be checked using this command:

get auth-policy cli lockout-period

To set the lockout period, use the set auth-policy cli lockout-period command.
For example, to set the lockout period to 2 minutes (120 seconds):

set auth-policy cli lockout-period 120

You can also set the number of authentication failures that trigger a lockout, using the set auth-policy cli max-auth-failures command.
For example, setting it to two failed attempts:

set auth-policy cli max-auth-failures 2

Note: All commands provided above are run at the central CLI of an NSX Manager or Edge node, using the 'admin' account for access.