When we started converting to OES2 Linux we used an admin account to connect
and run services. Now we are realizing our mistake as downsizing has sent
away someone who knew the password. I understand the process for servers in
setting up a "service" account then stopping "namcd" altering the "oes-ldap"
and "nam.conf" files, running "namconfig k" restarting "namcd" and
refreshing the cache.

I still have a number of instances of the old Admin account still logging in
with the old password (and then intruder lockout takes over). I have
tracked down the addresses the lockout is comming from but not what process
or service is using that account. Is there a way to track this down so I
can correct the problem? Any gochas I need to watch out for?