NMAS - Login lockout problems

[nwoliver]

I am having problems with users being locked out of their acccounts for no apparent reason. I check the console log and I show that, in many cases, they are locked out late in the previous afternoon (while they are still logged in to the network), and when they come in the next day they are, of course, still locked out. I have the intruder lockout set to 6 attempts.

They profess to have NOT re-logged in or otherwise caused themselves to be locked out. Any ideas? I am running SBS 6.6 on several servers.
thanks
nwo

 

[Datong]

Hi,

have you checked the users Login Time Restrictions ?

 

[nwoliver]

I have no login time restrictions on my network.
nwo

 

[Cwgunder]

We've had similar problems on our network in the past, and the problems were related to the replication of NDS. Running a full unattended dsrepair Novell servers seemed to fix it.

We repeated that on each server until the error counter reported zero errors and moved the next server.

I'm fairly new to the Novell servers, so I'm not entirely sure if it will help, but the repair is farily quick, and couldn't hurt to try.



Hope this helps

Good Luck!

Chris

 

[nwoliver]

Thanks very much.. Yes, I finished doing that just before lunch today and I am going to have someone test the theory and see if it works.. The next step is to hope that it is not really a network issue and reload MSOffice on the workstation, fully patch it and hope for the best.

 

[nwoliver]

oops.. wrong thread. Though maybe the dsrepair will help with this on also.
thanks
nwo

 

[meBrian]

nwoliver -
Have you determined what is the culprit? Here are a few ???s that may help shed some light on the probelm:

-What must you do in order to get them back on the network?
-Is their login successful after 12 hours, 24 hours, etc.?
-Do you have group or context restrictions, and if so, what do they include?
-Are all affected users logging into the same server?
-Is it the same users everytime having the problem?

Let us know the answers as it may point us in the right direction.

Good Luck!

 

[nwoliver]

No, I have not been able to narrow it down yet.

1. The issue is a simple intruder lockout. I just go into Console One and unlock them.
2. It is a typical 24 hour lockout. In most cases the lockouts occur the previous afternoon while the user is still logged in. They are typically unaware of being locked out until they attempt to login the next day.
3. Each individual does have group restrictions, in that they are members of groups that define what their data access rights are.
4. Yes, they all login to the same server. I have several servers, but for typical users, they login to our main server for data access.
5. It does seem to be the same several users, but at differing times - with an odd scattering of other people occasionally. It is almost as if they login incorrectly once and they rack up several bad login attempts at one time.

I would generally attribute it to user error, however the issue of them becoming locked out the previous day while still logged in seems to contradict that.

If you need more detail, let me know.
nwo

 

[marvhuffaker]

Nick, I was thinking more about this.. And I owed you a list of things you needed to download..

I wonder if it is a problem with NMAS on the workstation and maybe a screen saver kicks in but then doesn't come out of it properly. Or it could be something similar. There are lots of tids about strange password issues related to NMAS... but if you think about it, a wrong password is what is kicking the Intruder Lockout setting.

Anyway, there are two updates that have resolved some MAJOR NMAS issues that I've seen, and the good news is they are Server Side patches.

- NW6.5 SP5 (if you don't already have it).
- eDir 8.7.3.8. Download it from the patch site.
- SSP201 - Security Services Patch. Includes a big update to NMAS, and is available at DOWNLOAD.NOVELL.COM - just search for SSP201.

All of them are installed from NWCONFIG.

Marvin

Marvin Huffaker, MCNE

http://www.redjuju.com

 

[nwoliver]

Thanks Marvin.. I had two more locked out yesterday, both in the middle of the afternoon. One of them found out about it this morning and the other is (thankfully) out of town today. He is the Executive VP and so far I have caught his lock out incidences the last couple of times.

A screen saver issue seems to make sense. I have pulled the SP5 but not installed it. I will pull the others and take care of them asap.
thanks
nwo

 

[nwoliver]

I have sp5 and found the eDir 8.7.3.8 but the spp201 eludes me. Is that the actual file name?
nwo

 

[marvhuffaker]

SSP201 is not a patch, it's a product. So it's on a different location.

It's at

http://www.download.com

(Same place you download the Novell client from, for example). Search for SSP201 and it will come up.



Marvin Huffaker, MCNE

http://www.redjuju.com

 

[ntco]

Also, make sure in the NIC properties that the option to:

"Allow the computer to turn off this device to save power"

isn't checked (LAN properties/configure/power management). I found out the hard way after the user changed the regular power management settings when fiddling around with a screensaver. not such a big deal, except if that setting above is checked. When the NIC goes off, depending on your client settings any number of things can happen.

 

[nwoliver]

Just to close out this thread, it seems that the updates in question have solved the problem. I applied the patches this last weekend and have had no lockout problems since.. thanks for all your help.
nwo