[Samba] Account lockouts

rajat swarup rajats at gmail.com
Fri Jan 21 19:46:54 MST 2011


Hi,
I have a Windows 2003 AD domain and samba / winbind unix boxes
authenticating with the domain.  I changed the account policy on my AD
domain to include a 5 attempt invalid attempt lockout.  After
implementing this change 4 users are having their accounts locking out
every hour or so.  I checked if any of these users had running
processes on the unix box and they did at the time when the change was
implemented.  I have since killed their orphan processes.  However, I
still keep getting the following errors on my security log (and the
accounts keep locking out):


[snip]
Pre-authentication failed:
 	User Name:	user1
 	User ID:		DOMAIN\user1
 	Service Name:	krbtgt/DOMAIN.COM
 	Pre-Authentication Type:	0x0
 	Failure Code:	0x12
 	Client Address:	192.168.246.134


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
[/snip]

In the Directory Service logs I see the following entry:
[snip]
Active Directory could not update the following object with changes
received from the domain controller at the following network address
because Active Directory was busy processing information.

Object:
CN=User 1,OU=Testing Services Team,OU=TESTER V,DC=domain,DC=com
Network address:
e5523049-53f1-4274-858b-c68971599acf._msdcs.domain.com

This operation will be tried again later.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
[/snip]

The samba daemon runs at 192.168.246.134 with a kerberos setup.

Any help would be most appreciated.

Thanks and regards,
-- 
Rajat Swarup
www.rajatswarup.com


More information about the samba mailing list