Windows Logon Account Locked Out

Hi folks,

I’ve installed oS11.2 on a test box and joined it to our office domain without a problem. It’s presently using winblows domain for authentication.

I can log in normally, but when I attempt to unlock the screensaver using my windows credentials I am told that my account is “locked out, contact admin…”

A quick look at AD shows that my account is indeed being locked out, presumably when the 11.2 locks the screen.

Can anyone explain what’s causing this and how I can correct it?

Thanks

the screensaver is running on your openSUSE machine, right?

if so, the windows network should not get involved in unlocking…

so, just use the password you gave for yourself, on your machine when
you installed openSUSE…


palladium
Ubuntu is an African word meaning “I can’t set up Debian.”

Ahh, kudos palladium.

Looks like you’re the only one brave enough to tackle this. Unfortunately it’s not that simple.

Yes, the screensaver is running on the 11.2 box, I too assume that the local winblows domain controller would have nothing to do with unlocking it. Perhaps I haven’t been terribly clear. Sorry. :)

I’ll try again…

The login account in question was not created during the 11.2 install. The 11.2 box was joined to the domain using my domain network administrator credentials, and only an 11.2 root pword was set. No other user accounts were created on the 11.2 box.

My first login to the 11.2 machine was with my winblows domain end-user credentials (thus creating the 11.2 home directory /home/<domain name>/smcdaniel).

The screensaver expects these credentials to unlock the screen on the 11.2 box, but notifies me that the associated domain account (smcdaniel) has been locked out on the domain controller on our network.

Going into Active Directory Users and Computers confirms this. (Don’t know if you know anything about AD; please forgive the following if it’s not necessary) An account lockout like this typically occurs when the typical id10t end-user enters the wrong pword too many times at their winblows login screen or other similar nonsense.

Ultimately, I smell the stench of some bizarro winblows misunderstanding here, i.e., the domain controller not liking the flavor of authenticating with a linux box.

I’m hoping someone around here has run into this oddity as well and can point me in the right direction. I’d really like to replace many of the outdated, craptaculous winblows servers around here with shiny new linux boxes, but they’d need to play nice-nice with winblows domain credentials. :)

Thanks

ainsof wrote:

> Unfortunately it’s not that simple.

i knew i shouldn’t have touched this tar-baby (i try to avoid all
Redmond intersects as they are always trouble, since i know less than
zero about their software–left it completely in 1995)

> The login account in question was not created during the 11.2 install.

how did you install without creating a user account?
it is one of the steps in the install script…if you don’t give a
user name and password it won’t go to the next install step, it just
sits there and looks at you until the electricity runs out!!

> The 11.2 box was joined to the domain using my domain network
> administrator credentials, and only an 11.2 -root- pword was set. No
> other user accounts were created on the 11.2 box.

not possible!

> My first login to the 11.2 machine was with my winblows domain
> -end-user- credentials (thus creating the 11.2 home directory
> /home/<domain name>/smcdaniel).

no, the first log on had to occur after the install…and, the
install couldn’t have been done without creating a user

now, if you want to tell me that the only user you created during the
install was root, that is an entirely different thing…

and, a VERY VERY bad thing…for one thing you should never ever log
into KDE/Gnome/X windows as root, EVER!

so, start over, and this time do it right: make a normal user
(smcdaniel is ok) and give that user a password

then, UNcheck the box saying to use the same password for root and
give root a STRONG password

then, how you connect it to Redmond i don’t know (or care to know), but
you might wanna look at the GREAT guides at
http://opensuse.swerdna.org/index.html (and drop some change in the
tip jar–it is NOT my jar)

so, then if you sit down at the openSUSE machine log in as the normal
user, and when the screensaver locks the screen, you use your user
password to unlock it…

if you need to do Linux Administrator duties on the OS then you become
root at a command line terminal launched from the user account, or by
using a program like YaST launched from the user account…and, give
the root password when challenged…see

http://en.opensuse.org/SDB:Login_as_root
http://docs.kde.org/stable/en/kdebase-runtime/userguide/root.html
http://tinyurl.com/ydbwssh

or you can administer the openSUSE box from your Redmond
workstation, by using a browser based program called Webmin
<http://www.webmin.com/>

> I’m hoping someone around here has run into this oddity as well and can
> point me in the right direction.

imo it is not an oddity, except that you didn’t install openSUSE
correctly to begin with so therefore yours is odd…

all Linux boxes have a user AND an administrator…

don’t try to get fancy, follow the documentation and all will be smooth…


palladium
Ubuntu is an African word meaning “I can’t set up Debian.”

palladium wrote:
>> The login account in question was not created during the 11.2 install.
>
> how did you install without creating a user account?
> it is one of the steps in the install script…if you don’t give a
> user name and password it won’t go to the next install step, it just
> sits there and looks at you until the electricity runs out!!

let me hasten to add…if you leave the user ID and password blocks
blank the install script will complain…but, (i think) if you ignore
its complaints long enough it will progress to the next page…and,
if it goes to the next page you STILL have user and user password, and
they are:

user ID:
user password:

see those blank spaces? they are actually an unseen line-feed, being
made by one press of the enter key…

if that is what you did then, to get the screen saver to unlock the
screen it should simply be a matter of hitting enter before typing
anything

i’d recommend you give the normal user a normal password (and, don’t
make it too easy)…and, a name (other than <LF>)


palladium
Ubuntu is an African word meaning “I can’t set up Debian.”

Hi palladium,

> how did you install without creating a user account?
> it is one of the steps in the install script…if you don’t give a
> user name and password it won’t go to the next install step, it just
> sits there and looks at you until the electricity runs out!!

When presented with the page to setup a local user account, select windoze domain as your authentication method; the boxes to create a local account are greyed out and the install proceeds normally.

(BTW, I uncheck autologin and do *not* use the same password for root user.)

Thanks for your concern about the basics (root logins, et al.), I’m really not a *complete* noob :) I was one of the first Slackware users in the Navy back in '94-'95. Can’t say much more than that for another 20 years or so. :)

Unfortunately from about 2004 to the present, I’ve been forced to live in the Redmond world professionally. I’m only now in a pay-grade (so to speak) where I can convert most of our systems over to linux.

But I see things have changed a bit (for the better) since I’ve been gone… :)

I’ve done a complete reinstall on the test box by adding a local user account w/ local authentication, as well as again selecting windoze domain authentication, but alas, neither has corrected the account lock out problem.

Any other ideas?

> Any other ideas?

sorry, no…

but, maybe you can get some hints in one of our mod’s (swerdna)
private site, see: http://opensuse.swerdna.org/index.html

the upper left corner has lots of working with Redmond gems…if it
doesn’t jump out at you…i give up!

if you don’t find it there come back post again…and, i’ll avoid
answering, and maybe a real guru speaks up…

speaking of 20 years…i’ve been out 20 years and there is still
stuff i won’t talk about, at all…and, i couldn’t tell how much
experience you have…but, since admitted in public to being a Swabee
i guess you ain’t so smart…


palladium :) flyboy

thanks for the info. I’ll try the link.

I never claimed to be very smart :), but I’ll post again if something doesn’t come up.

No biggie, low priority proj (at the moment at least.), but you know how quickly that can change.

thanks again