[Samba] NT_STATUS_ACCOUNT_LOCKED_OUT
Mark Foley
mfoley at ohprs.org
Fri Jan 18 00:22:16 UTC 2019
I'm having a very annoying problem I can't figure out. I've been running Samba4 as our office
AD/DC for several years. This is a recent problem.
Whenever I Remote Desktop into a particular Windows workstation (192.168.0.4) I get the
following message in /var/log/samba/log.samba:
Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[mark at HPRS] at [Thu, 17 Jan 2019 18:43:26.477871 EST] with [arcfour-hmac-md5] status [NT_STATUS_WRONG_PASSWORD] workstation [(null)] remote host [ipv4:192.168.0.4:54315] mapped to [HPRS]\[mark]. local host [NULL]
This message repeats in groups of 3 every 5 minutes for as long as I am logged into this
computer. It does not matter if I am remoting in from another Windows host on the LAN (as
domain user 'mark') or if I am logging from a remote, non-domain computer. I am not logging
into the target computer as my domain id 'mark'. When logging in from a LAN workstations, I am
logged into the original workstation as domain user 'mark', but when logging in from a remote
computer I am not user 'mark' on any remote. I am remote desktopping into the target computer
as the AD Domain Administrator. So, I don't know where it's getting the "user
[(null)]\[mark at HPRS]" bit from.
After some period of time (or some number of "wrong password" messages), my account gets locked
out. The next time I try logging in from Remote desktop, or if I try ntlm_auth, I get the
following message:
auth_check_password_recv: sam authentication for user [HPRS\mark] FAILED with error NT_STATUS_ACCOUNT_LOCKED_OUT, authoritative=1
[2019/01/17 00:24:22.733958, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
At this point I have to go into ADUC and disable and re-enable the user account in order to be
able to log back in.
Does anyone have any idea what is going on and how to fix this?
THX --Mark
More information about the samba
mailing list