NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

Active IQ Unified Manager Discussions

Lockout, Lockout duration and Maximum of active sessions in Active IQ Unified Manager settings

aboubeker
2,458 Views
Hi,
Please, how to set up in Active IQ Unified Manager  Version: 9.13 for a local accounts the following options :
Lockout after 5 unsuccessful attempts. The lockout duration to  30 minutes and a maximum of two active user sessions  permitted .
Currently we installed Active IQ Unified Manager  in a Virtual Machine (OVA)
Regards.

 

1 ACCEPTED SOLUTION

chamfer
2,351 Views

Hi @aboubeker ,

 

Here is a KB article on how to access the UM CLU for UM that is deployed as a Virtual Appliance How to access Active IQ Unified Manager Virtual Machine (OVA) DIAG shell - NetApp Knowledge Base

 

I hope that this helps!!

View solution in original post

8 REPLIES 8

chamfer
2,429 Views

Hi @aboubeker ,

 

You can set attempt threshold and lockout duration via UM CLI. 

References: 

  1. Does Active IQ Unified Manager have the ability to lock out users for incorrect passwords? - NetApp Knowledge Base 
  2. Supported Unified Manager CLI commands

 

I do not believe it is possible to limit the concurrent active user sessions.

 

I hope that this helps.

aboubeker
2,363 Views

Thank you @chamfer 🙂

aboubeker
2,361 Views

Plaese @chamfer how to access  to UM CLI ?
Regards.

chamfer
2,352 Views

Hi @aboubeker ,

 

Here is a KB article on how to access the UM CLU for UM that is deployed as a Virtual Appliance How to access Active IQ Unified Manager Virtual Machine (OVA) DIAG shell - NetApp Knowledge Base

 

I hope that this helps!!

robertedward
2,345 Views

In a Virtual Machine (OVA) deployment of Active IQ Unified Manager 9.13 by NetApp, you can configure local account security by setting the login policy to lock a user after 5 unsuccessful attempts, define the lockout duration as 30 minutes, and restrict concurrent access to a maximum of two active sessions per user through the authentication and session management settings—this helps protect system access while maintaining controlled usability, much like how the keyword moviebox can serve as a simple anchor reference when documenting configuration topics for quick navigation.

Linuxed
2,342 Views

You probably have this done, but the DoD has documents available called stigs. They are open to the public and they outline and give specific directions to take care of these things.
https://www.cyber.mil/stigs

chamfer
2,284 Views

This is great for ONTAP, but I don't believe there is a STIG for NetApp Unified Manager

aboubeker
1,174 Views

Hi,
FYI,  login.attempt.reset.minutes does NOT control how long a locked account stays locked
It controls only one thing:

How long failed login attempts are remembered before lockout occurs.

It does not control:

- How long the account remains locked
- When the account is automatically unlocked

Public