We're using PEAP with a Cisco 5508 Wireless LAN controller for authentication onto our WiFi.
Our domain controllers are Windows Server 2008 R2.
Our NPS servers are Windows Server 2008 R2.
I've implemented Account Lockout on the NPS servers by setting the MaxDenials to 2 and the ResetTime to 15.
The Account Lockout is working in general for other RADIUS clients, but not when invalid attempts to connect to our Wifi via the Cisco 5508 WLC happen.
Using IAS Log Viewer, when successful connections to the 5508 WLC happen, the Connect Request field shows "IAS_SUCCESS". When bad-password-attempts to the 5508 WLC happen, the Connect Request field is blank. So my theory is that NPS is unaware of the failed attempt, therefore never locks out the account.
Any ideas?