How Do I Unlock a User that is Locked Out?
Question: How do I unlock a user that's locked out?
Answer:
To reset lockouts, briefly change the expiration timeout and revert the settings. Follow the steps for either the Admin Web UI or CLI:
If you wish to unlock a locked-out user manually, follow the steps below.
Tip
You can't unlock a single, specific user. The steps below allow you to set the automatic lockout reset period to one second and then revert it back to the default value.
Manually unlock a user from the Admin Web UI
Access Server 2.10.2 and newer configures the lockout policy in the Admin Web UI. To manually unlock users, follow these steps:
Sign in to the Admin Web UI.
Click Authentication > Settings.
Under Password Lockout Policy, take note of your current value for the Lockout release timeout in seconds.
Set the value to 1.
Wait two seconds.
Set the value back to your initial value.
Tip
Access Server's default lockout is set to 900 seconds, or 15 minutes.
The locked-out user can sign in again.
Manually unlock a user from the CLI
Connect to your Access Server console and get root privileges.
Change your directory to use the sacli tool.
cd /usr/local/openvpn_as/scripts/
Run these commands to set the lockout to one second, wait two seconds, and then set it back to the default value of 15 minutes. (If desired, modify the command for your preferred lockout time.)
./sacli --key "vpn.server.lockout_policy.reset_time" --value "1" ConfigPut ./sacli start sleep 2 ./sacli --key "vpn.server.lockout_policy.reset_time" --value "900" ConfigPut ./sacli start service openvpnas restart
The locked-out user can sign in again.