Environment
Novell iFolder 3.7
Novell iFolder 3.8
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3
Situation
If Novell iFolder uses Active Directory as it's LDAP user store, and the Active Directory authentication type is changed from LMHash to NTLM it's possible for users to be locked out of their Active Directory accounts.
Resolution
This was sumbitted as a defect, and engineering is currently working on a fix to the issue.
Additional Information
This issue only affects users when they have set the client to remember the password and automatically log them in. NTLM sees the LMHash password as an incorrect password, not an expired password, and thus does NOT prompt for a password change via the iFolder client. Since the iFolder client will attempt multiple times to authenticate Active Directory locks the users account as part of its intruder dectection.