Hmm. Good point. Most of the users haven't upgraded their user clients
yet and are still using AR User 5.1.2 p1267 (yes, I know this is bad and
we're working on updating everyone's clients). But nobody uses the
Alert tool.
Thanks!
John
-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Grooms, Frederick W
Sent: Wednesday, February 28, 2007 3:59 PM
To: arslist@ARSLIST.ORG
Subject: Re: Locking out AD accounts
**
You don't state if your users are using patch 18 of the User
tool or not... There is a bug fixed in User Tool patch 17
SW00234712 -- When it fails to login to Alert Tool, AREA Plugin
is called twice. When it fails to login to Admin, User, Import Tool,
AREA Plugin is called once.
Can your users be bringing up the Alert Tool also? If they are
then when they type their password wrong they can be making 4 AREA tries
(User to 2 servers and Alert to 2 servers).
Fred
_____
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of John Hanson
Sent: Wednesday, February 28, 2007 5:44 PM
To: arslist@ARSLIST.ORG
Subject: Re: Locking out AD accounts
**
Not quite - we have 2 servers in our server group.
Thanks,
John
-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Joe DeSouza
Sent: Wednesday, February 28, 2007 3:34 PM
To: arslist@ARSLIST.ORG
Subject: Re: Locking out AD accounts
**
You don't happen to be behind a server group having 3 or
more servers are you?? I cannot really confirm it but it might be
possible that the AR Client is designed to try the next server if it
doesn't get into the first one and so on.. until it fails on 3 or more
thus invalidating the user on AD with 3 bad password attempts...
Just a thought...
Joe
----- Original Message ----
From: John Hanson <[EMAIL PROTECTED]>
To: arslist@ARSLIST.ORG
Sent: Wednesday, February 28, 2007 5:55:24 PM
Subject: Locking out AD accounts
**
Hello all,
Since we upgraded to 6.3 I've been getting several
reports from users who say that their active directory accounts are
being locked out after a single bad password attempt, whereas in the
previous version this was not the case. We're using the same AREA LDAP
integration now that we did before, but it seems that in 6.3 Remedy
tries to contact the LDAP server several times instead of just once.
Does anyone know of a configuration setting that I can add that would
prevent it from making so many attempts?
I found something of use in a KB article for version
5.1.2, but it doesn't seem to apply here...: It is recommended that
users use 5.0.1 patch 1136 or higher of the client User Tool because it
fixes a problem where if the user enters in the wrong password, the
unpatched version keeps trying to login the user 5 times. Most customers
have a rule set up to lock out a users account if they try three times
without entering in the correct password. Therefore, the unpatched user
tool can lock out a user's NT account if they make one mistake on the
password.
Any thoughts are appreciated.
ARS 6.3 p18
Solaris 9
Oracle 9.2
Thanks!!
John Hanson
Remedy Administrator/Developer
The Standard
1100 SW Sixth Avenue
Portland, OR 97204
Telephone (971) 321-7153
[EMAIL PROTECTED]
__20060125_______________________This posting was submitted with
HTML in it___
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
