I Had a 'House' Moment

Miscellaneous and Personal Stuff I Must Share
1

A couple weeks ago, the support desk where I work got a call about a user being unable to log into our system. We’ll call her Jane Doe. Jane could log into email, the campus network, ANYTHING except our student ‘portal’. Which is weird, because all those things authenticate against an Active Directory server.

Further, she was getting an unusual error message complaining about the LDAP mapping. The help desk took her through the usual troubleshooting steps - making sure she wasn’t mistyping her password, having her change her password, et cetera. But they got stymied, so they brought it to my attention.

I’m a database guy mainly, but I also do some software administration, and a little development. (We’re a small shop, we all wear a lot of hats.) So I take a look at it.

We sometimes see the LDAP message if there’s a defect with a student’s record in a particular table in our student information database. So that’s where I go first - and everything looks good. If our students change their password through the ‘portal’, then I (as DBA) can see those passwords for about a week afterwards in another table, so I looked her up, got her password, and tried her login myself.

It worked.

No error whatsoever. To my mind, that confirmed that the behind the scenes software was working correctly, that the user was either making a mistake, or had some local computer configuration problem. I tried her login from a PC set up to come into our network from the outside, like hers - still worked. We got her to try it on a different PC - still didn’t work for her. She even gave her sister her login information - and her SISTER was able to get in successfully.

So it seemed the problem was with the user. But I couldn’t think of what she could do to get THAT message - she should get ‘invalid username or password’ if she mistyped something. We verified her password didn’t contain any special characters that might trip up authentication - just letters and numbers.

So the helpdesk started trying to look for any malware that might be tripping her up on her home PCs, and I went on to think about other work, until today. One of our network guys was talking about an unrelated issue while within earshot of my office, and mentioned case-sensitivity - which gave me the lightbulb.

I’d considered her getting the case sensitivity wrong on her password, but what about her username? Our assigned usernames only use lowercase letters. AD won’t care about the capitalization, but since it has to compare to a string value in an Oracle table to do the matching - that could cause what we’re seeing. I quickly verified by trying my own login credentials, with the first letter of my username capitalized.

Bingo!

Some days, I love my job. :smiley:

2

I’m way ahead of you on this. I got the same call this morning, and the first thing I asked was if her caps lock key was on. Nope, it was off, and she was doing everything right. “And I still can’t log – hey, it worked that time!”

I gues it’s kind of like when you go see your doctor, and he doesn’t do anything for you, but you feel better anyway.

3

“Is your CAPS lock key on?”
::looks at CAPS light::
“No.” ::turns caps off:: “Hey, it worked that time!”

4

So was it lupus?

5

A distinct possibility.

Could also be that we recently changed how logons are done, and this was the first time she tried it the new way.

6

The CAPS LOCK key being on or SHIFT key being pressed while typing is always (in my experience) the very first thing help desk people ask users re login problems. I’m stunned this wasn’t the first question out of their mouths.

7

No, her caps lock key wasn’t on - or the password would have failed.

She should have been putting : jdoe1, and she was putting JDoe1. Purposeful capitalization.

8

It’s never lupus!

9

That was a good catch. Case sensitive usernames have messed me up a few times on my phone. Usually it’s because text fields default to start with a capital so I end up using Username instead of username.

Following in the House vein. Users lie. I can totally understand a user being confused about a problem and not reporting accurate information, but I often get users who seem to deliberately lie. For instance, I had one user who was having a problem with our webmail. Nobody else was reporting this problem, and everything I could test showed it was working fine. Searching didn’t turn up anybody else having similar problems, but it happened from “all” the computers she used “all” the time. My guess was it was only a problem on her ancient work computer running IE5 or something equally bad (this was in 2009). Suggestions to upgrade browsers, try Firefox, Chrome, or Opera were all met with “I tried that and it doesn’t work,” “It can’t be this computer, it does the same thing from my laptop and at home.” Well guess what? I have logs. I can see that when she told me “it did that thing again, this time from home last night” that she hadn’t logged in from home in a week. All of those different browsers that were tried somehow magically had the same exact user agent, and were somehow sharing a login session on the webmail. It was also really weird how “somebody elses” computer that gave you the same problem had the same IP address as your work desktop, at the same time!

Of course, the problem went away on all of the computers as soon as her work desktop was upgraded. (This wasn’t some kind of attempt to weasel an upgrade out of a recurring problem, I don’t do the upgrades, and she had her own budget to spend on a new computer—it was purely due to her own cheapness that she was running Windows 2000 in 2009.)

10

You only got 2/3 of the quote right.

Ahem…

“It’s not lupus!”

11

And it was for that one magician guy.

12

If a user changes their password using your portal, the password is stored in your database in plain text? Apparently you folks don’t get audited very often…(or else your auditors are as clueless as the ones we have)

13

We had a piece of equipment that was not working correctly. Three engineers, with about 70 years experience between, had been working on it for a week and were stumped. Since I’m a technician I was doing the testing on it. For some reason it came to me that the person who assembled it did not torque down a set of bolts correctly. I had it working an hour later.

14

Or another handful of diseases I swear I hear every episode, just to sound smart and fill in the gaps…

15

Then it must be sarcoidosis. Or Wilson’s disease.
Yeah, I don’t watch too much ‘House’.

16

If it’s not MS or arrhythmia and a stress test shows nothing, better perform a Whipple procedure. Stat. (I’ve been watching the House-a-thon for 2 days now.)

17

It’s recommended that they change their password via the Windows network login, which doesn’t store the passwords anywhere but in the AD. And even in the portal method it’s not plain text, it’s just decode-able.

18

No, I got 100% of the quote right. :slight_smile:

19

This wasn’t a House moment unless the solution to the problem required a whiteboard, dry-erase pens, and barbed Socratic one-liners.

20

You forgot neoplastic syndrome.