Christopher Dick
2007-Sep-30 14:13 UTC
[Samba] Linux in a Windows 2k3 domain - odd lockout issue
I am currently running an openSuSE 10.2 machine in a
Windows 2k3 domain. I have upgraded to Samba 3.0.26a,
hoping it would solve my issue, but so far no luck.
I was successful in adding my machine to the domain,
and the DC logs show repeated successful
authentications, and those few typo'd attempts, but
nothing that is a sequence of failed logins.
I get tickets and can access shares from machines all
over the network without needing to re-authenticate.
The problem is, at approx. 3:30 every afternoon, the
domain controller locks my user ID as if I had failed
repeatedly to type in the correct password. Though
the DC does not show this in the logs.
In exchange for running Linux, I am told I can't call
help desk for support, and no changes can be made to
systems expressly to make them "linux compatible."
Any help is appreciated, if someone might have an idea
of what this might be.
Thanks!
____________________________________________________________________________________
Shape Yahoo! in your own image. Join our Network Research Panel today!
http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
Doug VanLeuven
2007-Sep-30 16:45 UTC
[Samba] Linux in a Windows 2k3 domain - odd lockout issue
Christopher Dick wrote:> I am currently running an openSuSE 10.2 machine in a > Windows 2k3 domain. I have upgraded to Samba 3.0.26a, > hoping it would solve my issue, but so far no luck. > > I was successful in adding my machine to the domain, > and the DC logs show repeated successful > authentications, and those few typo'd attempts, but > nothing that is a sequence of failed logins. > > I get tickets and can access shares from machines all > over the network without needing to re-authenticate. > > The problem is, at approx. 3:30 every afternoon, the > domain controller locks my user ID as if I had failed > repeatedly to type in the correct password. Though > the DC does not show this in the logs. >I only know of logon hours under the user account on the AD. Maybe your systems require a more frequent machine password change than one week. It would be helpful to know what steps you take to re-enable the account or how long you have to wait. Does samba manage the keytab or did you manually add the kerberos keytab principals? Regards, Doug