Mac OS X locking out AD user accounts

[jwestlake]

I may have posted about this problem before. I originally thought it was MS Entourage 2004 causing the account lockouts, but now, I’m thinking it’s Mac OS X. Here’s the story…

Every so often, for no reason whatsoever, some of my users’ AD accounts will become locked out. The user has not typed their password incorrectly, nor have they even been prompted for it anywhere. All of a sudden, Entourage will prompt for passwords, no servers can be reached, etc.

I used to think it was Entourage because the biggest symptom was when Entourage prompted for a password even when one was saved in the keychain. But today, in setting up a new machine on our Win2k AD, I decided to watch the user’s account on all our domain controllers while I set up Directory Access.

After the machine was bound, restarted and before I ever even logged the user in, I checked our domain controllers. Somehow, there had been 6 bad passwords sent to 3 different domain controllers, 2 of which had locked out the account. At no time had I attempted to log the user into the machine. I had performed 2 or 3 "id" commands in terminal to get their UID from AD so I could set some permissions on files and folders. That was it.

The machine name is the same as the user name. That’s the only connection I can make. I was logged in as a local admin at the time.

Has anyone else experienced anything like this?

[Shan Younker]

I’m starting to roll out AD login throughout my department and have begun to see this issue. It’s happening with both 10.3.9 and 10.4.8. Sometimes it happens during the day, other times while the user is logged out overnight. I have not come across any solutions on the net.

[Author]

Posts