There were 4 failed login attempts since your last login... (zimbra account)

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
rm-rf
Posts: 14
Joined: Thu Dec 01, 2016 4:34 pm

There were 4 failed login attempts since your last login... (zimbra account)

Postby rm-rf » Tue Jan 03, 2017 3:57 am

Release 8.7.0_GA_1659.RHEL7_64_20160628202714 RHEL7_64 FOSS edition.

I su'ed into the zimbra account today and was greeted by 4 failed login attempts. I'm curious if anyone has any input on this:

Code: Select all

root@mail log]# lastb
zimbra                                 Mon Jan  2 07:56 - 07:56  (00:00)   
zimbra                                 Mon Jan  2 07:56 - 07:56  (00:00)   
zimbra                                 Mon Jan  2 07:56 - 07:56  (00:00)   
zimbra                                 Mon Jan  2 07:56 - 07:56  (00:00)   


Code: Select all

[root@mail log]# cat secure
Jan  2 07:56:04 mail sudo:  zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
Jan  2 07:56:04 mail sudo:  zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmtastatus
Jan  2 07:56:04 mail sudo:  zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
Jan  2 07:56:04 mail sudo:  zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
Jan  2 07:56:04 mail sudo:  zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
Jan  2 07:56:04 mail sudo:  zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
Jan  2 07:56:48 mail su: pam_unix(su-l:auth): auth could not identify password for [zimbra]
Jan  2 07:56:48 mail su: pam_succeed_if(su-l:auth): requirement "uid >= 1000" not met by user "zimbra"
Jan  2 07:56:50 mail su: pam_unix(su-l:auth): auth could not identify password for [zimbra]
Jan  2 07:56:50 mail su: pam_succeed_if(su-l:auth): requirement "uid >= 1000" not met by user "zimbra"
Jan  2 07:56:51 mail su: pam_unix(su-l:auth): auth could not identify password for [zimbra]
Jan  2 07:56:51 mail su: pam_succeed_if(su-l:auth): requirement "uid >= 1000" not met by user "zimbra"
Jan  2 07:56:52 mail su: pam_unix(su-l:auth): auth could not identify password for [zimbra]
Jan  2 07:56:52 mail su: pam_succeed_if(su-l:auth): requirement "uid >= 1000" not met by user "zimbra"
Jan  2 07:56:56 mail sudo:  zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
Jan  2 07:56:56 mail sudo:  zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
Jan  2 07:56:56 mail sudo:  zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmtastatus
Jan  2 07:56:56 mail sudo:  zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
Jan  2 07:56:56 mail sudo:  zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
Jan  2 07:56:56 mail sudo:  zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
Jan  2 07:56:56 mail sudo:  zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status


rm-rf
Posts: 14
Joined: Thu Dec 01, 2016 4:34 pm

Re: There were 4 failed login attempts since your last login... (zimbra account)

Postby rm-rf » Wed Jan 04, 2017 4:49 pm

I think I have tracked this down to some issues with ssh on the system. I had recently moved servers. Looks like zimbra using ssh to connect and the permissions being wrong on .ssh and such (it appears that zmfixperms didn't change the permissions on .ssh although it looks like it fixes selinux). Also possible issues with selinux as well.

I think the steps I needed included:
chown -R zimbra.zimbra /opt/zimbra/.ssh
chmod 700 /opt/zimbra/.ssh
zmsshkeygen
zmupdateauthkeys
chcon -R -v -u system_u -t user_home_t /opt/zimbra/.ssh/
And editing /etc/sshd/sshd.conf to put zimbra as an allowed users

Not all the steps may have been necessary but some combination of these I suspect has fixed my problem. This is Centos FWIW.

EDIT: Nope, appears that the SSH issues I fixed were separate and this still is here.
PaperAdvocate
Posts: 20
Joined: Tue Oct 11, 2016 9:28 pm

Re: There were 4 failed login attempts since your last login... (zimbra account)

Postby PaperAdvocate » Thu May 24, 2018 4:59 am

Did you ever find a resolution to this? I've got the same issue...

Code: Select all

[root@mail ~]# lastb
zimbra                                 Wed May 23 03:06 - 03:06  (00:00)
zimbra                                 Wed May 23 03:06 - 03:06  (00:00)
zimbra                                 Wed May 23 03:06 - 03:06  (00:00)
zimbra                                 Tue May 22 03:29 - 03:29  (00:00)
zimbra                                 Tue May 22 03:29 - 03:29  (00:00)
zimbra                                 Tue May 22 03:29 - 03:29  (00:00)
zimbra                                 Mon May 21 03:50 - 03:50  (00:00)
zimbra                                 Mon May 21 03:50 - 03:50  (00:00)
zimbra                                 Sun May 20 03:39 - 03:39  (00:00)
zimbra                                 Sun May 20 03:39 - 03:39  (00:00)
zimbra                                 Sun May 20 03:39 - 03:39  (00:00)
zimbra                                 Sat May 19 03:48 - 03:48  (00:00)
zimbra                                 Sat May 19 03:48 - 03:48  (00:00)
zimbra                                 Sat May 19 03:48 - 03:48  (00:00)
zimbra                                 Fri May 18 03:35 - 03:35  (00:00)
zimbra                                 Fri May 18 03:35 - 03:35  (00:00)
zimbra                                 Fri May 18 03:35 - 03:35  (00:00)
zimbra                                 Thu May 17 03:09 - 03:09  (00:00)
zimbra                                 Thu May 17 03:09 - 03:09  (00:00)
zimbra                                 Wed May 16 03:39 - 03:39  (00:00)

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 13 guests