G
Guest
hello,
a user has been locking his AD account out on a fairly
regular basis. after pouring through the logs i found a
reference to a mapped SAMBA drive on a UNIX server. it
came across with a NULL password. when looking at the
eventvwr on the DC there is an event id 529 for his
account. is lists the logon process as NTLMSSP. i know
what this is based on the explanation in the services.msc
but what is NTLMSSP doing for this user? any help is
greatly appreciated as we are now starting to have a rash
of account lock outs.
a user has been locking his AD account out on a fairly
regular basis. after pouring through the logs i found a
reference to a mapped SAMBA drive on a UNIX server. it
came across with a NULL password. when looking at the
eventvwr on the DC there is an event id 529 for his
account. is lists the logon process as NTLMSSP. i know
what this is based on the explanation in the services.msc
but what is NTLMSSP doing for this user? any help is
greatly appreciated as we are now starting to have a rash
of account lock outs.