LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices

Reply
 
Search this Thread
Old 03-29-2007, 06:22 AM   #1
zmsc1
Member
 
Registered: Apr 2006
Location: South Yorkshire, GB
Distribution: SuSE, DSL
Posts: 34

Rep: Reputation: 15
Active Directory Account Lockout


I'm running OpenSUSE 10.2 as my main OS at work - which is essentially a Microsoft site. I've joined my computer to the AD domain, and that seems to work OK, so I can access shares and printers. And because I occasionally want to run Windows, I've built an XP virtual machine running under VMWare. I've joined that to the AD domain as well, and it works perfectly once I'm logged on, but getting logged on can be a bit of a pain. When I start the virtual XP machine and try to log in with my Windows credentials, as often as not it will refuse to log on, reporting that my domain account is locked out. Domain policy says three failed login attempts then lockout for 15 minutes, after which I have another 50-50 chance of getting connected. If I reboot my PC into Windows, as long as I'm not currently locked out, I can log in without any problems. So it looks as if Linux is sending unsuccessful login attempts without any action on my part. Can anyone advise?

Thanks,
Stuart
 
Old 04-06-2007, 06:44 PM   #2
highpointe
LQ Newbie
 
Registered: Apr 2007
Location: atlantis
Distribution: SuSE
Posts: 4

Rep: Reputation: 0
same deal here

i too am having an issue with this as well as a coworker. it is definitely caused by one of the latest patches that was released. unfortunately we haven't been able to figure out which one.

i have found that not leaving mounted network drives that authenticate to AD on the desktop has helped, but it doesn't seem to have totally fixed it. i'm not sure if that is related, maybe i'm just a bit of a nutter and it hasn't helped at all.

SURE WISH SUSE WOULD LOOK INTO THIS! ;-) it's quite irritating, and the less i have to work in window$ the better!

cheers mate! hope this helps!
 
Old 04-09-2007, 10:31 AM   #3
gstewart
LQ Newbie
 
Registered: Apr 2007
Posts: 11

Rep: Reputation: 0
It could also be related to the number of concurrent login attempts from what the Windows DCs view as different hosts.

Active Directory has a bad habit of locking the account if a previous host login was not successfully logged out prior to the second host login.

I saw this pretty frequently at my last job with folks logging in and out of Citrix, on different machines. If they failed to log out of one session, they'd be locked out on the the next attempt with a different box.

How many concurrent logins is your account permitted on the Windows domain?
 
Old 04-10-2007, 01:44 AM   #4
zmsc1
Member
 
Registered: Apr 2006
Location: South Yorkshire, GB
Distribution: SuSE, DSL
Posts: 34

Original Poster
Rep: Reputation: 15
Active Directory Lockout

Thankyou both,

I think you are both on the right track. I had a mounted drive on my desktop, so I've deleted that and suddenly can get connected using Nautilus and smb://etcetera. That previously prompted me for domain ID and password, but then told me my account was locked. Now it lets me in. I don't think there's any limitation on domain logins here, so I suspect it's more about not logging out correctly. Unfortunately I don't find it easy to discuss with the domain admins around here as they think that Linux is the blackest of the black arts and don't seem to want to acknowledge its existence. Very sad.

I'll post again when I know whether my problem is partly cured or completely cured.

Stuart
 
Old 04-11-2007, 03:15 PM   #5
highpointe
LQ Newbie
 
Registered: Apr 2007
Location: atlantis
Distribution: SuSE
Posts: 4

Rep: Reputation: 0
exchange? maybe?

How are you accessing e-mail? I had originally thought that my problem was caused by the VMWare session I was running in order to run Windows and Outlook. However, I have since completely removed VMWare and am accessing my e-mail via the Exchange web client. This is the ONLY active connection I have that authenticates to the network while I am working and I still get locked out. Just thinking maybe it has something to do with Exchange.

I'm at a loss at this pointe.

Last edited by highpointe; 04-11-2007 at 03:30 PM.
 
Old 04-12-2007, 05:23 PM   #6
zmsc1
Member
 
Registered: Apr 2006
Location: South Yorkshire, GB
Distribution: SuSE, DSL
Posts: 34

Original Poster
Rep: Reputation: 15
Don't use Outlook at all here! We're Lotus Notes/Domino for e-mail (decided before we really got into Microsoft products).

And I now know the problem wasn't fixed by removing the Windows shares folder from my desktop, 'cos it has recurred, but much less often (which I think was also your experience).

Stuart
 
Old 04-13-2007, 10:34 AM   #7
highpointe
LQ Newbie
 
Registered: Apr 2007
Location: atlantis
Distribution: SuSE
Posts: 4

Rep: Reputation: 0
yup

Yes that was my experience as well. Nice to know I'm not nuts. Still searching for answers though. One question I failed to ask.... Are you running Gnome or KDE or something else? I'm running Gnome. I'm starting to wonder if it is a Gnome issue. I am going to install and run KDE for a couple of days and see if it gets better.

Cheers!

-Andy

Last edited by highpointe; 04-13-2007 at 04:47 PM.
 
Old 04-14-2007, 02:20 PM   #8
zmsc1
Member
 
Registered: Apr 2006
Location: South Yorkshire, GB
Distribution: SuSE, DSL
Posts: 34

Original Poster
Rep: Reputation: 15
Gnome here too, so I'll be interested to hear if KDE makes a difference. Can't help thinking MS put some spoiling code in AD that won't play nicely if it thinks it's talking to a Linux box.

Stuart
 
Old 04-26-2007, 11:41 AM   #9
highpointe
LQ Newbie
 
Registered: Apr 2007
Location: atlantis
Distribution: SuSE
Posts: 4

Rep: Reputation: 0
still having problems

ARGH! I GIVE UP! Fedora is looking mighty enticing at this point!!!!!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Account Lockout Policy in Linux? wardialer Linux - Security 15 02-19-2009 09:38 AM
account lockout threshold pasupuleti Programming 3 10-03-2006 12:11 AM
Account lockout threshold moinpasha Linux - Security 10 09-28-2006 07:27 AM
Logging account lockout sbrewer Linux - Security 1 10-22-2005 03:48 PM
Automatic Account lockout jimrt Linux - Security 3 03-26-2003 08:32 PM


All times are GMT -5. The time now is 03:43 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration