Active Directory Users Locked out by iFolder Client

  • 7009556
  • 12-Oct-2011
  • 26-Apr-2012

Environment

Novell iFolder 3.7
Novell iFolder 3.8
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3

Situation

If Novell iFolder uses Active Directory as its LDAP user store, and the Active Directory authentication type is changed from LMHash to NTLM, it is possible for users to be locked out of their Active Directory accounts.

Resolution

This was submitted as a defect, and engineering is currently working on a fix to the issue.

Additional Information

This issue only affects users when they have set the client to remember the password and automatically log them in. NTLM sees the LMHash password as an incorrect password, not an expired password, and thus does NOT prompt for a password change via the iFolder client. Since the iFolder client will attempt multiple times to authenticate, Active Directory locks the user's account as part of its intruder detection.