How to Unlock AAA User Account

This article describes?? how to unlock AAA user account.

Background

The Citrix NetScaler has the ability to set max logons and failed logon attempt time slice limits however previously there was no ability to unlock the accounts that have breached these limits in real time. With the release of NetScaler 10.5, a new feature has been introduced which provides the ability to unlock the locked user accounts after breaching these logon limits.

Until the maxlog attempt is reached, the failed logintimeout counter does not increment but only after the maxattempts limit is crossed, logintimeout counter gets hit and starts incrementing. So if you try to login after the failedtimeout, you will be allowed to login successfully, else you needs to get the account unlocked using unlock aaa user command.

Set the Parameters maxLoginAttempts and failedLoginTimeout

To set the parameters, use the following commands:
>set authentication vserver <name>?? ?? [-maxLoginAttempts <positive_integer>] [-failedLoginTimeout <positive_integer>]
??
Note: Here, maxLoginAttempts value is 255 and failedLoginTimedout value is 65535 minutes.

Unlock the User Account Using CLI Command

To unlock the locked user account, run the following command in CLI:
>unlock aaa user <username>

How to Use the Parameter

Complete the following steps:

1. Set AAA logon parameters on AAA Vserver, enter maxLoginAttempts to 5 and failedLoginTimeout to 3 minutes.
   >set authentication vserver <name>?? ?? -maxLoginAttempts 5?? -failedLoginTimeout?? 3

2. Type incorrect credentials for the first two attempts and then try typing the correct or incorrect credentials for the third attempt.
   “You have exceeded the maximum login attempts. Please contact your administrator" message appears.

3. Unlock?? the user account?? using the following CLI command:
   unlock aaa user <user-name>

4. Now log on again with correct credentials. The logon should be successful.

Note: Locked AAA user accounts can also be unlocked from NetScaler GUI:
Security?? > AAA > Application Traffic > Users > Action > Unlock