Chris Samuel <[EMAIL PROTECTED]> writes: > Well we were told that AD doesn't permit anonymous access.
<URL:http://www.novell.com/coolsolutions/appnote/15120.html>, for example, has instructions for 2000 and 2003 servers. > Bear in mind we're Linux geeks here, not Windows geeks.. ;-) I hope you don't think I'm a Windows geek! Just passing on what I know from having had to tangle with AD admin previously and having to get things working here eventually post-eDirectory; I guess plenty of us are in similar boats with this. >> or the `machine' account. The latter is what you get from >> `joining the domain' (e.g. with Samba) > > Whilst I couldn't be certain I suspect their security > policy would have classed that as just being an implementation > of the former, and it too would have been locked out after > N failed attempts and hence locked out all users. It would be the same on Windows boxes, surely, allowing a DoS attack. > We got the impression that AD didn't permit them to > make an exception to this policy either.. :-( I think you can control the lockout policy with fairly fine granularity, and I think it's actually off by default, but don't have a system to check. I guess it's documented OTW somewhere. -- IBM^WMicrosoft is not a necessary evil; IBM^WMicrosoft is not necessary. -- Ted Nelson updated _______________________________________________ Beowulf mailing list, Beowulf@beowulf.org To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
