Results 1 to 1 of 1

Thread: Account lockout issue

Threaded View

  1. #1
    Join Date
    Mar 2007
    Location
    Rochester, NY
    Posts
    89
    Rep Power
    8

    Exclamation Account lockout issue

    Hello all,

    I have been looking around the forums but I have not found an explanation to the issue I am seeing...

    I have a user which has (as of late) constatntly getting locked out of their account. What I find in the auth.log file:

    <code>
    2013-06-19 20:41:42,788 WARN [btpool0-40782://my.zimbra:7071/service/admin/soap/] [name=user@domain;ip=127.0.1.1;] security - cmd=Auth; account=user@domain; protocol=soap; error=authentication failed for user@domain, invalid password;
    2013-06-19 20:41:44,056 WARN [btpool0-40782://my.zimbra:7071/service/admin/soap/] [name=user@domain;ip=127.0.1.1;] security - cmd=Auth; account=user@domain; protocol=soap; error=authentication failed for user@domain, invalid password;
    2013-06-19 20:41:45,322 WARN [btpool0-40781://my.zimbra:7071/service/admin/soap/] [name=user@domain;ip=127.0.1.1;] security - cmd=Auth; account=user@domain; protocol=soap; error=authentication failed for user@domain, invalid password;
    2013-06-19 20:41:47,177 WARN [btpool0-40781://my.zimbra:7071/service/admin/soap/] [name=user@domain;ip=127.0.1.1;] security - cmd=Auth; account=user@domain; protocol=soap; error=authentication failed for user@domain, invalid password;
    2013-06-19 20:44:13,961 INFO [btpool0-40781://my.zimbra:7071/service/admin/soap/] [name=user@domain;ip=127.0.1.1;] security - cmd=Auth; account=user@domain; error=account lockout due to too many failed logins;
    2013-06-19 20:44:14,032 WARN [btpool0-40781://my.zimbra:7071/service/admin/soap/] [name=user@domain;ip=127.0.1.1;] security - cmd=Auth; account=user@domain; protocol=soap; error=authentication failed for user@domain, invalid password;
    </code>

    What puzzles me is that this user is external only... no access to the DMZ and the tcp/7071 port is blocked publicly and not accessible to the user.
    So how are requests for 7071 reaching the server for this user? And why is the IP that of the server's local address (127.0.1.1 is defined in the hosts file for the name)? All I can think is that this is some internal process... so why would it lock out the user like this?

    This user uses imap exclusively.

    I am just baffled as to what this is. Any help is greatly appreciated.

    Thanks! -Peter.


    P.S. -- I found this thread: http://www.zimbra.com/forums/adminis...request-2.html
    It lists a similar problem, but also no clear explanation as to how this requests go to tcp/7071 when that port is closed to the Internet.
    Last edited by pbrunnen; 06-19-2013 at 08:45 PM.

Similar Threads

  1. Account Lockout: How to find IP address of soap - AuthRequest
    By spikehardin in forum Administrators
    Replies: 23
    Last Post: 08-13-2014, 02:01 PM
  2. Admin account lockout.
    By jpb in forum Administrators
    Replies: 6
    Last Post: 06-06-2013, 07:33 AM
  3. Account lockout costantly
    By Fr0ggy in forum Administrators
    Replies: 4
    Last Post: 04-18-2012, 12:52 AM
  4. Replies: 1
    Last Post: 09-06-2011, 04:02 PM
  5. Account Lockout Message?
    By i2ambler in forum Administrators
    Replies: 1
    Last Post: 01-20-2011, 03:17 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •