LDAP Account Locked Out Sporadically after Password change - Finding the source of invalid attempts

Posted by CityView on Server Fault
Published on 2011-03-01T16:28:00Z Indexed on 2011/03/02 15:26 UTC

On a small network of machines (<1000) we have a user whose account is being locked out after an indeterminate interval following a password change.

We are having severe difficulties finding the source of the invalid logon attempts and I would appreciate it greatly if some of you could go through your thought process and the checks you would perform in order to fix the problem.

All I know for sure is that the account is locked out several (5+) times a day. I can't even be sure it's due to failed login attempts, as there is no record of failure until the account is locked.

So far I have tried:

  • Logging the account out of everything we can think of and back in with the new password
  • Scanning the user's box for any non-standard software which might perform an LDAP lookup
  • Checking all installed services on our production boxes to check none are attempting to run under the account
  • Changing the user back to their old password (Problem persists so perhaps password change is a red herring)
  • Wireshark on a box where lots of LDAP authentication is performed - Rejects only occur after account is already locked out
  • Clearing the credential cache in Control Panel -> User Accounts -> Advanced
  • Looking at the local

I'm at a loss for what to try. I am happy to try any suggestions you have in order to diagnose the issue. I think my question boils down to a simple request:

I need a technique for deriving the source (Application/Host) of the invalid login attempts which are causing the account to be locked.

I'm not sure if that's even possible but I suspect there must be more I can try.

Many thanks,

CityView
