Sometime between 3pm yesterday and 8am today someone attempted to log in to a particular account, locking it. I contacted the appropriate personnel. However, someone is consistently trying to log in, not allowing the account to be reset. (or automatically locking it again, whichever)
I asked if there was a way to locate where the attempts were coming from. Response was to walk around the building. I honestly don't believe it's coming from within the building. Maybe within the network, but not within the building. Not to mention that I don't have the time to walk around inspecting 200 workstations and hope that I catch someone. Sorry about ranting. Anyway, could I locate the person from the IPX address listed? Is there any way I can tell, besides waiting for the higher-ups to inform me, that the attempts are coming from inside? Thanks.
Oh yeah, NetWare 5.1, workstations vary but about half Win98 and half Win2k, Pentium II & III, 128MB RAM avg. Don't know what else someone would need to know to help answer my question.

Whenever a lockout occurs you get a console message on the server where NDS is installed telling you that the account has been locked and the message will reference the station by MAC address. You will see the message at the command line output. It does sound as though someone is trying to guess the password of another user while using that person's login name. This is potentially dangerous. BTW, are you running 5.1 in an IPX or IP environment? If it's IP then you should be easily able to discover the location of the offending login attempt from the IP address identified in the console message.

And if you are using IPX you can do the same with the use of Nlist.
Mark is correct that I would investigate this closely as it could be a serious issue with a hacker/cracker.
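
An added example, not part of any post in this thread: an IPX address is a 32-bit network number, a 48-bit node number (the workstation NIC's MAC address) and a 16-bit socket, so the address shown with a lockout can be split and the node matched against a workstation inventory. The inventory, network numbers and sample addresses below are constructed for illustration, and the `network:node:socket` text form is assumed.

```python
import re

# IPX address layout: 32-bit network, 48-bit node (the NIC's MAC), 16-bit socket.
_IPX_RE = re.compile(
    r"^([0-9A-Fa-f]{1,8}):([0-9A-Fa-f]{1,12})(?::([0-9A-Fa-f]{1,4}))?$"
)

# Constructed sample inventory (MAC -> workstation); not data from the thread.
INVENTORY = {
    "00:A0:C9:12:34:56": "WS-017, room 204",
    "00:50:04:AB:CD:EF": "WS-102, front office",
}
# Constructed list of IPX network numbers that belong to this site.
LOCAL_NETWORKS = {"0000A001", "0000A002"}


def parse_ipx(address):
    """Split 'network:node[:socket]' into zero-padded upper-case hex fields."""
    m = _IPX_RE.match(address.strip())
    if not m:
        raise ValueError(f"not an IPX address: {address!r}")
    network, node, socket = m.groups()
    return {
        "network": network.upper().zfill(8),
        "node": node.upper().zfill(12),
        "socket": socket.upper().zfill(4) if socket else None,
    }


def node_to_mac(node):
    """Format a 12-digit hex node number as a colon-separated MAC."""
    return ":".join(node[i:i + 2] for i in range(0, 12, 2))


def locate(address, inventory=INVENTORY, local_networks=LOCAL_NETWORKS):
    """Report the MAC, whether the segment is ours, and the matching workstation."""
    fields = parse_ipx(address)
    mac = node_to_mac(fields["node"])
    return {
        "mac": mac,
        "on_local_network": fields["network"] in local_networks,
        "workstation": inventory.get(mac, "unknown (not in inventory)"),
    }


if __name__ == "__main__":
    for addr in ("A001:00A0C9123456:4003", "0000B7F0:0060971A2B3C:4003"):
        print(addr, "->", locate(addr))
```

A network number that is not one of the site's own segments, or a node that is missing from the inventory, is the cue to check routers and unmanaged machines rather than walking the floor.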

The most common cause of this is someone sets up a drive mapping on a Windows computer to a Novell drive using credentials which Windows caches and remembers. That account has its password changed and Windows is consistently trying to connect with the old credentials causing the account to continuously be locked.
Cheers
Mike
