[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[HTCondor-users] CREDD on windows locking out users
- Date: Thu, 4 Jun 2015 15:49:29 +0000
- From: "Rowe, Thomas" <rowet@xxxxxxxxxx>
- Subject: [HTCondor-users] CREDD on windows locking out users
I am getting spurious CREDD errors leading to user account lockouts. All machines are Windows 7, on an air-gapped network. I've actually seen this on two entirely different networks now. The domain controller is configured to lock an account after three failures.
I have a credd running on all machines and these pertinent config options set:
starter_allow_runas_owner = true
credd_cache_locally = true
skip_windows_logon_network = true
On a given machine (not the master, I haven't looked closely at those logs yet) after a lockout I will randomly see in the credd log file entries like this:
NETWORK logon failed. Attempting interactive
Failed to log in me@domain with err = 1326
[a couple refrains of this later, and then:]
NETWORK logon disabled. Trying INTERACTIVE only!
Failed to logon me@domain with err = 1909
I will also sometimes see "condor_store_cred query" randomly report that there is no stored credential or the credential is invalid for a user. Wait about sixty seconds and often as not without having made any changes at all "condor_store_cred query" will go back to claiming everything is fine.
This is terribly vexing and potentially makes HTCondor non-viable here. Hopefully somebody can offer pointers on how to debug and fix this? Unfortunately, these are air-gapped secure networks and I simply cannot provide logs for review. I will need directions on how to examine outputs.