Thread: Locked Accounts not resetting

  1. #1
    Join Date
    Jul 2007
    Location
    Melbourne
    Posts
    11
    Rep Power
    8

    Locked Accounts not resetting

    Hi,

    Running ZCS 4.5.5 and I have had a report from a user that they are unable to log in.

    Checking account details, the account is locked as per the configuration for security (5 failed attempts within 1hr locks account for 1hr).

    Problem is, the account has not reset. It has been locked for over 24hrs.

    Also note that there is a time difference between Zimbra timestamps and system time that is NOT equal to timezone offset.

    Any clues?

    Thanks.
    Michael

    zmprov ga <user>

    mail: <user>
    objectClass: organizationalPerson
    objectClass: zimbraAccount
    objectClass: amavisAccount
    userPassword: VALUE-BLOCKED
    zimbraAccountStatus: lockout
    zimbraAdminAuthTokenLifetime: 12h
    zimbraLastLogonTimestamp: 20070718003646Z
    zimbraPasswordEnforceHistory: 0
    zimbraPasswordLocked: FALSE
    zimbraPasswordLockoutDuration: 1h
    zimbraPasswordLockoutEnabled: TRUE
    zimbraPasswordLockoutFailureLifetime: 1h
    zimbraPasswordLockoutFailureTime: 20070723114149Z
    zimbraPasswordLockoutLockedTime: 20070722095815Z
    zimbraPasswordLockoutMaxFailures: 5
    zimbraPasswordMaxAge: 0
    zimbraPasswordMaxLength: 12
    zimbraPasswordMinAge: 0
    zimbraPasswordMinLength: 6
    zimbraPasswordMinLowerCaseChars: 0
    zimbraPasswordMinNumericChars: 1
    zimbraPasswordMinPunctuationChars: 0
    zimbraPasswordMinUpperCaseChars: 0
    zimbraPasswordModifiedTime: 20070718004154Z
    zimbraPrefTimeZoneId: (GMT+10.00) Canberra / Melbourne / Sydney


    From audit.log

    2007-07-22 19:58:15,000 INFO [http-80-Processor97] [ua=ZimbraWebClient - IE6 (Win);ip=59.101.221.125;] security - cmd=Auth; account=<user>@pakenhamses.com.au; error=account lockout due to too many failed logins;
    Last edited by michaelb; 07-23-2007 at 06:41 PM. Reason: added command output
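
As an added example (not part of the original post, and not Zimbra's own code), this Python script parses the lockout attributes from `zmprov ga` output and computes when the lock should have lapsed, assuming it is meant to expire at `zimbraPasswordLockoutLockedTime` plus `zimbraPasswordLockoutDuration`, as the post describes the policy. The function names, the constructed sample and the rule that a bare number means seconds are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the lockout-related attributes copied from the post's `zmprov ga` output.
SAMPLE = """\
zimbraAccountStatus: lockout
zimbraPasswordLockoutDuration: 1h
zimbraPasswordLockoutEnabled: TRUE
zimbraPasswordLockoutFailureLifetime: 1h
zimbraPasswordLockoutFailureTime: 20070723114149Z
zimbraPasswordLockoutLockedTime: 20070722095815Z
zimbraPasswordLockoutMaxFailures: 5
"""

UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}

def parse_attrs(text):
    """Parse 'name: value' lines; repeated attributes are collected in a list."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition(": ")
        if sep:
            attrs.setdefault(name, []).append(value)
    return attrs

def parse_duration(value):
    """Convert '1h' or '30m' to a timedelta (assumption: bare number = seconds)."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value)
    if not m:
        raise ValueError(f"unrecognised duration: {value!r}")
    return timedelta(**{UNITS[m.group(2) or "s"]: int(m.group(1))})

def parse_gentime(value):
    """Parse an LDAP generalized time in UTC ('Z' suffix)."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def lockout_report(text, now):
    """Report the expected unlock time and whether the account is overdue at `now`."""
    a = parse_attrs(text)
    locked = parse_gentime(a["zimbraPasswordLockoutLockedTime"][0])
    expires = locked + parse_duration(a["zimbraPasswordLockoutDuration"][0])
    failures = [parse_gentime(v) for v in a.get("zimbraPasswordLockoutFailureTime", [])]
    return {
        "expected_unlock": expires,
        "overdue": a["zimbraAccountStatus"][0] == "lockout" and now > expires,
        "failures_after_expiry": [f for f in failures if f > expires],
    }
```

For the posted values and any `now` later than the expected unlock time, it reports the lock as overdue and lists one failure timestamp that is later than the expected unlock time.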

  2. #2
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Welcome to the forums,

    Are you sure he's not using a client that's trying to re-connect with the bad password, thus locking it further?
    unlock with:
    zmprov ma user@pakenhamses.com.au zimbraAccountStatus active
    Last edited by mmorse; 07-23-2007 at 08:00 PM. Reason: added their domain name to make it easier

  3. #3
    Join Date
    Jul 2007
    Location
    Melbourne
    Posts
    11
    Rep Power
    8

    Thanks

    mmorse,

    Thanks for your reply.

    I am aware of how to reset manually. As the original post explains, this account is not being reset back into an active state after the 1hr timer.

    There is no indication that it is even being attempted.

    I have checked the logs, and there was a period of approx 12hrs or so where there were no login attempts on this account.

    All the users are encouraged to use the web client as we are making extensive use of the calendar.

    Any ideas on where/what to check to see if Zimbra is even attempting to unlock the account?

    Regards,
    Michael.

  4. #4
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    ahem-
    Please upgrade to 4.5.6

    Also, can you reset the account again, then post the output of mailbox.log

  5. #5
    Join Date
    Jul 2007
    Location
    Melbourne
    Posts
    11
    Rep Power
    8

    Thanks jholder.

    I will investigate upgrade to 4.5.6 (after problems with upgrade from 4.5.0 to 4.5.5).

    I have reset the account and password and logged on as the user (1 attempt failed due to typo in domain) and attached the maillog from today.

    Hope this can shed some light on the problem.

    Regards,
    Michael
    Attached Files

  6. #6
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Michael-
    I noticed some things in the logs that I asked for our engineering department to look at.

    Thanks
    john

  7. #7
    Join Date
    Jul 2007
    Location
    Melbourne
    Posts
    11
    Rep Power
    8

    John,

    I have reviewed the updates made in the newer version. None of the "fixes" have any impact on locked accounts, and in fact, very few of them actually have any impact on the Community Version (most seemed to deal with Network Edition and Outlook).

    At this point, there does not appear to be any advantage to be gained by performing an upgrade.

    How did the engineers go with the details I provided last week?

    Regards,
    Michael

  8. #8
    Join Date
    Aug 2005
    Posts
    24
    Rep Power
    10

    between 4.5.0 and 4.5.6?

    I'm afraid you are mistaken: There are MANY MANY bug fixes (over 300 by my count).

  9. #9
    Join Date
    Jul 2007
    Location
    Melbourne
    Posts
    11
    Rep Power
    8

    As I indicated in my previous post, I did not indicate a quantity of fixes, only that I have looked at the bug list as per the release notes and there does NOT appear to be ANY bug fixes for the issue reported in this thread.

    If there is, please provide details of the references.

    Also, I asked for an update on what the engineers found. This has still not been provided (nor have any details about what required forwarding of this issue to engineers in the first place).

  10. #10
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    In general, we encourage all of our users to maintain the latest build.
    Also, keep in mind that we do not make all bugs public, for various reasons.

    In order for myself, or any other member of the forums team to help you, we strongly encourage you to upgrade.

    The two errors I asked about were:
    Code:
    2007-07-24 10:35:34,748 INFO  [ImapServer-656] [] ProtocolHandler - Exception occurred while handling connection
    java.net.SocketException: Connection reset
            at java.net.SocketInputStream.read(SocketInputStream.java:168)
            at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
            at java.io.BufferedInputStream.read(BufferedInputStream.java:235)
            at com.zimbra.cs.tcpserver.TcpServerInputStream.readLine(TcpServerInputStream.java:81)
            at com.zimbra.cs.imap.ImapRequest.continuation(ImapRequest.java:156)
            at com.zimbra.cs.imap.ImapHandler.processCommand(ImapHandler.java:226)
            at com.zimbra.cs.tcpserver.ProtocolHandler.processConnection(ProtocolHandler.java:231)
            at com.zimbra.cs.tcpserver.ProtocolHandler.run(ProtocolHandler.java:198)
            at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(Unknown Source)
            at java.lang.Thread.run(Thread.java:595)
    2007-07-24 10:35:34,749 INFO  [ImapServer-656] [] imap - [144.135.112.170] exception while closing connection
    java.net.SocketException: Broken pipe
            at java.net.SocketOutputStream.socketWrite0(Native Method)
            at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
            at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
            at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
            at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
            at com.zimbra.cs.imap.ImapHandler.sendLine(ImapHandler.java:2099)
            at com.zimbra.cs.imap.ImapHandler.sendResponse(ImapHandler.java:2089)
            at com.zimbra.cs.imap.ImapHandler.sendUntagged(ImapHandler.java:2078)
            at com.zimbra.cs.imap.ImapHandler.dropConnection(ImapHandler.java:2048)
            at com.zimbra.cs.imap.ImapHandler.dropConnection(ImapHandler.java:2034)
            at com.zimbra.cs.tcpserver.ProtocolHandler.run(ProtocolHandler.java:210)
            at EDU.oswego.cs.dl.util.concurrent.Pool

    and

    com.zimbra.cs.account.AccountServiceException: invalid attr name: [LDAP: error code 17 - password: attribute type undefined]
            at com.zimbra.cs.account.AccountServiceException.INVALID_ATTR_NAME(AccountServiceException.java:115)
            at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrsInternal(LdapProvisioning.java:297)
            at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrs(LdapProvisioning.java:276)
            at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrs(LdapProvisioning.java:256)
            at com.zimbra.cs.service.admin.ModifyAccount.handle(ModifyAccount.java:88)
            at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:270)
            at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:168)
            at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:90)
            at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:223)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
            at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:162)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
            at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
            at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
            at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
            at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
            at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
            at java.lang.Thread.run(Thread.java:595)
    Caused by: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - password: attribute type undefined]; remaining name 'uid=craig.bonsor,ou=people,dc=pakenhamses,dc=com,dc=au'
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3054)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
            at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1437)
            at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
            at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
            at com.zimbra.cs.account.ldap.LdapUtil.modifyAttributes(LdapUtil.java:1053)
            at com.zimbra.cs.account.ldap.LdapUtil.modifyAttrs(LdapUtil.java:595)
            at com.zimbra.cs.account.ldap.LdapProvisioning.modifyAttrsInternal(LdapProvisioning.java:294)
            ... 25 more
    To which I was asked to ask you to upgrade to see if that fixes your issue.

    If you do not wish to upgrade, I understand, however, it's illogical to say:
    It doesn't work, but I won't upgrade.

    In an enterprise environment, I 100% understand not wanting to take your system down, but there is one particularly bad bug that can cause mail/accounts to be lost, see:
    http://www.zimbra.com/forums/announc...bug-alert.html

    Ultimately, the choice to upgrade is your choice, and we will support you no matter what your choice. I just have to ask you to upgrade, as we don't know if that will fix your issue.

    Sincerely,
    john
