Re: [Condor-users] credd locking out accounts with inexplicable bad logon attempts

["Taylor, Brian T." <Brian.Taylor@xxxxxxxxxx>]

I don't have any light to shed but I experienced very similar problems on an LDAP/Samba backed domain. Randomly and unpredictably, a user executing run_as_owner jobs would be locked out of their account because condor tried to authenticate them with a bad password. I never figured out why this was happening and I eventually stopped using Condor and replaced it with my own service.

On May 18, 2012, at 1:32 PM, Rowe, Thomas wrote:

I am having troubles with credd on Windows generating loads of "Logon Failure" events. The stored credentials for the relevant users are definitely valid. For no obvious reason, run_as_owner jobs spuriously produce events like these:  "Unknown user name or bad password; Logon Type: 3; Logon Process: Advapi; Authentication Package: Negotiate".

 

If three such of these happen within an hour, the account gets locked out. This happens frequently. Is this an understood issue? I can't rule out that ActiveDirectory on this network is misconfigured in some way.

 

Probably relevant: `condor_store_cred query` also spuriously reports invalid or missing credentials. If you simply wait a couple minutes it will then report the stored credentials are valid. So apropos of nothing, the credentials seem to temporarily blink out of existence. I've seen this behavior on two different networks.

 

Can anyone shed some light? I'm near the end of my rope with this stuff. I might have to rip out condor and write some services, which I really didn't want to do.

 

Thanks.

_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/