[Samba] Account lockouts
rajat swarup
rajats at gmail.com
Fri Jan 21 19:46:54 MST 2011
Hi,
I have a Windows 2003 AD domain and samba / winbind unix boxes
authenticating with the domain. I changed the account policy on my AD
domain to include a 5 attempt invalid attempt lockout. After
implementing this change 4 users are having their accounts locking out
every hour or so. I checked if any of these users had running
processes on the unix box and they did at the time when the change was
implemented. I have since killed their orphan processes. However, I
still keep getting the following errors on my security log (and the
accounts keep locking out):
[snip]
Pre-authentication failed:
User Name: user1
User ID: DOMAIN\user1
Service Name: krbtgt/DOMAIN.COM
Pre-Authentication Type: 0x0
Failure Code: 0x12
Client Address: 192.168.246.134
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
[/snip]
In the Directory Service logs I see the following entry:
[snip]
Active Directory could not update the following object with changes
received from the domain controller at the following network address
because Active Directory was busy processing information.
Object:
CN=User 1,OU=Testing Services Team,OU=TESTER V,DC=domain,DC=com
Network address:
e5523049-53f1-4274-858b-c68971599acf._msdcs.domain.com
This operation will be tried again later.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
[/snip]
The samba daemon runs at 192.168.246.134 with a kerberos setup.
Any help would be most appreciated.
Thanks and regards,
--
Rajat Swarup
www.rajatswarup.com
More information about the samba
mailing list