• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1029
  • Last Modified:

Cached password causing AD account lockout

Some of our users have started to use one of our customers SharePoint team site, they log on using their email address as the username and a password issued by the customer.

When they access the team site, they receive a standard windows login box, no option to save the password or not. After logging on and after a few minutes their account in our AD domain is locked out.

The email address is an acceptable username in our domain, so our theory is that the login information is saved/cached and then used as default on all authentication attempts (alot of which occurs in the background)

Seems that each activity (login, opening a document, changing folder etc) performed on the web site is causing 1 bad password attempt.

Security log on the dc shows the following:
675,AUDIT FAILURE,Security,Fri Sep 10 12:26:53 2010,NT AUTHORITY\SYSTEM,Pre-authentication failed:

Any ideas on how to solve this?
0
kogas
Asked:
kogas
  • 2
  • 2
1 Solution
 
LaserSpotCommented:
You could clear passwords from the web browser (even though it didn't ask to remember one):
Internet Explorer -> Tools -> Internet options -> Delete -> Passwords

Is Windows remembering any passwords?
Start -> Run -> type: control keymgr.dll [Enter]
0
 
arnoldCommented:
The sharepoint server is likely on the domain, Check the security settings tab to make sure it is not trying to authenticate users against the AD first. NTLM auth.

0
 
kogasAuthor Commented:
We tried to delete the password history in IE, and also checked the credential manager.

The sharepoint server is not on our domain, but failed login attempts towards it does cause lockouts on our domain.

Can also mention that the url they are working on is included on our trusted sites.
0
 
arnoldCommented:
It is not possible.  An access to a remote server that is not part of the domain even with a cached password has no way of locking out the AD password.
Enable auditing to see the source of the authentication request.
What does the sharepoint authentication mechanism use?  Is it based on an SQL table?
0
 
kogasAuthor Commented:
Thanks for the help so far, but we figured it out.

Basicly it was a combination of windows integrated authentication beeing enabled, allowing IE to use Kerberos authentication, and with the username matching our internal UPN and Kerberos realm. In addition to this, the site they were accessing was on our list of trusted domains.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now