System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with user accounts, kerberos, active directory, hp-ux

SOLVED
Go to solution

Problem with user accounts, kerberos, active directory, hp-ux

recently discovered a problem when specific users log onto our HP-UX servers.

The server allows them to log in, but then a bad password request is passed onto our domain controller.
I can track these bad request using Microsoft's LockoutStatus.exe.

As soon as the user logs on with their Unix username (which is the same as their windows username) the server grants access, but there is a bad password logged on the domain controller. If they don't log on successfully to AD (as in log off of windows, or log in to unix with their windows account) they will keep passing bad passwords until their account is locked out.

We have kerberos installed on our UX servers, and users can authenticate with the unix password and the windows password. We plan to authenticate soley by Active Directory some time later. So allowing them to log with the windows password is not ok for now, technically. So I would like to know the cause nonetheless.

This is only affecting 3 users, they do work in the same department, and it only happens when they log onto unix with their unix password. All users are setup the same way on unix.

Thanks in advance, the responses are always great.

Rahim Johnson
It can be fixed!! We just have to figure out how.
2 REPLIES
Steven E. Protter
Exalted Contributor
Solution

Re: Problem with user accounts, kerberos, active directory, hp-ux

Shalom,

This document should help:

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1312879

pdf inside

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Re: Problem with user accounts, kerberos, active directory, hp-ux

Thanks for your help. It turns out that all logins are being reported as bad passwords in Active Directory. These users were unique in that they were opening up four terminal windows in succession and this was locking them out. It was ironic that although we have dozens of users in multiple departments, only these 3 users had the problem. That is what initially threw us off.

Since then other users have had the problem as well. So we need to adjust how are authentication works. We would like to use windows passwords but there is an 8 character limit until we upgrade to HP-UX 3.

Thanks again
It can be fixed!! We just have to figure out how.