Last Post 12/7/2011 8:08 PM by  Jimmy Chiu
Domain account locked out when using Lawson Portal
 4 Replies
Nate R
TS Manager
LTSB
New Member
(4 points)
11/28/2011 6:06 PM
    Hello,

    We have been troubleshooting an issue where user accounts (Windows domain accounts/NT accounts) are getting locked periodically when using the Lawson Portal.

    I have very limited understanding of this system, and the event logs on the workstations aren't very helpful (there is no mention of Lawson at all). However, with a little Googling I think it might be a situation that could only be caused by our Lawson Portal being configured to use an LDAP query.

    Could anyone kindly reinforce this theory with me, or suggest another tree for me to bark up?

    Thanks in advance,
    -Nate
    Greg Moeller
    Private
    Private
    Veteran Member
    (4132 points)
    11/28/2011 7:02 PM
    You seem to be correct. I've noticed myself, since we've recently bound to our corporate AD, that users would lock themselves out, because they were used to using different passwords than their AD password.
    Lately, it's started to calm down as they are getting used to using the correct passwords.

    The process of binding to AD uses a command called ldapbind, which you can find lots of information about on myLawson. That is where your LDAP query is most likely coming from - I know that is where ours comes from. AD = LDAP.
    Jimmy Chiu
    System Analyst
    Federal Government
    Veteran Member
    (1880 points)
    11/28/2011 8:22 PM
    Do you have an AD password policy in place? I.e., X number of failed password tries will automatically lock out the AD account. Thus, you can't log in to Lawson if you are ldapbinded to AD. Check with your domain admin on the password policy.
    Nate R
    TS Manager
    LTSB
    New Member
    (4 points)
    12/5/2011 4:16 PM
    Greg, Jimmy - Thank you.

    Greg -- I'll check out the sources you mentioned -- thanks, that's very helpful.

    Jimmy - yeah, we do have an AD password policy. To my knowledge, the users do NOT get locked out of Lawson -- they simply notice they can't log into their computers (or use network resources, etc.) because their AD password is locked.

    Seems like this ldapbind is a likely culprit -- I will continue on toward that point of investigation -- thanks again, guys.
    Jimmy Chiu
    System Analyst
    Federal Government
    Veteran Member
    (1880 points)
    12/7/2011 8:08 PM
    Nate,

    FYI: Failed password attempts in portal *do* result in AD account lockout if it's LDAPBIND to AD for password authentication when you have an AD password lockout policy in place.

    - Lawson Portal passes user/password to AD for password authentication via ldapbind
    - AD evaluates the user/password combination; when it fails x amount of times, it locks out the account
    - User no longer able to log in to portal
    - User no longer able to log in to computer
    - User no longer able to log in on mobile phone to access email etc.
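
One way to check the ldapbind theory from the domain controller side, as an added example that is not part of the original thread: with logon-failure auditing enabled, the DC's Security log records failed logons (event 4625) and lockouts (event 4740), and the failures that precede each lockout can be grouped by the host that sent them. The CSV layout, host names, accounts and the 30-minute window are constructed assumptions.

```python
import csv
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample: a simplified export of a domain controller's Security log.
# 4625 (failed logon) and 4740 (account locked out) are real Windows event IDs;
# the column layout, host names and accounts are made up for this example.
SAMPLE = """\
time,event_id,account,source
2011-11-28 08:00:00,4625,asmith,WS-114
2011-11-28 09:00:05,4625,jdoe,LAWSONAPP01
2011-11-28 09:00:40,4625,jdoe,LAWSONAPP01
2011-11-28 09:01:10,4625,jdoe,LAWSONAPP01
2011-11-28 09:01:10,4740,jdoe,LAWSONAPP01
2011-11-28 10:15:00,4625,asmith,LAWSONAPP01
2011-11-28 10:16:00,4625,asmith,LAWSONAPP01
2011-11-28 10:16:30,4625,asmith,WS-114
2011-11-28 10:16:30,4740,asmith,WS-114
"""

WINDOW = timedelta(minutes=30)  # assumed lockout observation window

def attribute_lockouts(export_text, window=WINDOW):
    """Per lockout, count the sources of that account's recent failed logons."""
    failures = defaultdict(list)  # account -> [(time, source), ...]
    lockouts = []
    # ISO-style timestamps sort correctly as text; the sort is stable, so a
    # failure and a lockout logged in the same second keep their file order.
    rows = sorted(csv.DictReader(StringIO(export_text)), key=lambda r: r["time"])
    for row in rows:
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        account = row["account"].lower()
        if row["event_id"] == "4625":
            failures[account].append((when, row["source"].upper()))
        elif row["event_id"] == "4740":
            recent = Counter(s for t, s in failures[account] if when - t <= window)
            lockouts.append({"account": account, "locked_at": when, "sources": recent})
            failures[account].clear()  # counting starts over after a lockout
    return lockouts

def top_sources(lockouts):
    """Rank hosts by how many lockout-preceding failures they sent overall."""
    total = Counter()
    for entry in lockouts:
        total.update(entry["sources"])
    return total.most_common()
```

A host that dominates the ranking across many users, as the constructed portal server does here, is the place to look for the binds that are failing.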

