Account lockout

mfehr
Advanced member
Posts: 64
Joined: Fri Sep 12, 2014 11:25 pm

Account lockout

Postby mfehr » Thu Nov 22, 2018 1:14 am

For a couple of weeks now, one of my accounts has regularly been getting locked out. This is what I find in the log files (username, hostname and IP address obfuscated):

content of audit.log:

2018-11-22 08:59:47,848 INFO  [qtp66233253-35672:https:https://myserver.com:7073/service/admin/soap/] [name=user@myserver.com;ip=192.168.1.123;port=54548;soapId=5e295e99;] security - Account is lockout, not updating failure time.
2018-11-22 08:59:47,848 WARN  [qtp66233253-35672:https:https://myserver.com:7073/service/admin/soap/] [name=user@myserver.com;ip=192.168.1.123;port=54548;soapId=5e295e99;] security - cmd=Auth; account=user@myserver.com; protocol=soap; error=authentication failed for [user@myserver.com], account lockout;


content of trace_log:

08:59:47.840:qtp66233253-35660 OPENED SslConnection@28422b07{NEED_UNWRAP,eio=-1/-1,di=-1} -> HttpConnection@7f4db62e[DecryptedEndPoint@29601007{/192.168.1.123:54548<->7073,Open,in,out,-,-,0/0,HttpConnection}->SelectChannelEndPoint@759f9575{/192.168.1.123:54548<->7073,Open,in,out,-,-,0/0,SslConnection}{io=0/0,kio=0,kro=0}][p=HttpParser{s=START,0 of 0},g=HttpGenerator@205d1c63{s=START},c=HttpChannelOverHttp@197e117c{r=0,c=false,a=IDLE,uri=null}][b=null]
08:59:47.840:qtp66233253-35660 OPENED HttpConnection@7f4db62e[DecryptedEndPoint@29601007{/192.168.1.123:54548<->7073,Open,in,out,-,-,0/0,HttpConnection}->SelectChannelEndPoint@759f9575{/192.168.1.123:54548<->7073,Open,in,out,-,-,0/0,SslConnection}{io=0/0,kio=0,kro=0}][p=HttpParser{s=START,0 of 0},g=HttpGenerator@205d1c63{s=START},c=HttpChannelOverHttp@197e117c{r=0,c=false,a=IDLE,uri=null}][b=null]
08:59:47.846:qtp66233253-35672:https:https://myserver.com:7073/service/admin/soap/ REQUEST 192.168.1.123 POST null; null
08:59:47.849:qtp66233253-35672:https:https://myserver.com:7073/service/admin/soap/ RESPONSE 500 text/xml;charset=utf-8
08:59:47.849:qtp66233253-35673 CLOSED HttpConnection@7f4db62e[DecryptedEndPoint@29601007{/192.168.1.123:54548<->7073,CLOSED,ISHUT,OSHUT,-,-,0/0,HttpConnection}->SelectChannelEndPoint@759f9575{/192.168.1.123:54548<->7073,CLOSED,ISHUT,OSHUT,-,-,0/0,SslConnection}{io=1/0,kio=-1,kro=-1}][p=HttpParser{s=CLOSED,0 of -1},g=HttpGenerator@205d1c63{s=START},c=HttpChannelOverHttp@197e117c{r=1,c=false,a=IDLE,uri=null}][b=null]
08:59:47.849:qtp66233253-35673 CLOSED SslConnection@28422b07{NEED_WRAP,eio=-1/-1,di=-1} -> HttpConnection@7f4db62e[DecryptedEndPoint@29601007{/192.168.1.123:54548<->7073,CLOSED,ISHUT,OSHUT,-,-,0/0,HttpConnection}->SelectChannelEndPoint@759f9575{/192.168.1.123:54548<->7073,CLOSED,ISHUT,OSHUT,-,-,0/0,SslConnection}{io=1/0,kio=-1,kro=-1}][p=HttpParser{s=CLOSED,0 of -1},g=HttpGenerator@205d1c63{s=START},c=HttpChannelOverHttp@197e117c{r=1,c=false,a=IDLE,uri=null}][b=null]


content of mailbox.log:

2018-11-22 08:59:47,848 INFO  [qtp66233253-35672:https:https://myserver.com:7073/service/admin/soap/] [name=user@myserver.com;ip=192.168.1.123;port=54548;soapId=5e295e99;] SoapEngine - handler exception: authentication failed for [user@myserver.com], account lockout
2018-11-22 08:59:47,849 INFO  [qtp66233253-35672:https:https://myserver.com:7073/service/admin/soap/] [name=user@myserver.com;ip=192.168.1.123;port=54548;soapId=5e295e99;] soap - AuthRequest elapsed=1


The Zimbra server is behind a NAT. Looking at the netstat information on the Zimbra server, it seems that the connection was established from the Zimbra server itself.

The queues are all empty (Zimbra admin - Monitor Mail Queues).

Any idea how to identify the root cause of the failed login that causes account lockouts?


DualBoot
Elite member
Posts: 1073
Joined: Mon Apr 18, 2016 8:18 pm
Location: Earth
ZCS/ZD Version: ZCS FLOSS - 8.7.11 Multi servers

Re: Account lockout

Postby DualBoot » Fri Nov 23, 2018 9:40 am

Hello,

You need to identify the origin IP of the connection.
You should look at how to forward the origin IP.

Regards,
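
One way to act on the advice above, as an added example that is not part of the original thread: tally failed Auth records in audit.log by logged IP, origin IP and protocol, so a NAT or proxy address can be told apart from the real client. It assumes the line layout quoted in the first post; the `oip` context key (forwarded origin IP), the `imap` records and the function names are assumptions, not taken from the thread.

```python
import re
from collections import Counter

# First two lines are the audit.log lines quoted in the thread; the last two are
# constructed samples (hypothetical thread names, documentation-range origin IP).
SAMPLE = """\
2018-11-22 08:59:47,848 INFO  [qtp66233253-35672:https:https://myserver.com:7073/service/admin/soap/] [name=user@myserver.com;ip=192.168.1.123;port=54548;soapId=5e295e99;] security - Account is lockout, not updating failure time.
2018-11-22 08:59:47,848 WARN  [qtp66233253-35672:https:https://myserver.com:7073/service/admin/soap/] [name=user@myserver.com;ip=192.168.1.123;port=54548;soapId=5e295e99;] security - cmd=Auth; account=user@myserver.com; protocol=soap; error=authentication failed for [user@myserver.com], account lockout;
2018-11-22 09:01:02,310 WARN  [ImapSSLServer-12] [name=user@myserver.com;ip=192.168.1.123;oip=203.0.113.7;] security - cmd=Auth; account=user@myserver.com; protocol=imap; error=authentication failed for [user@myserver.com], account lockout;
2018-11-22 09:01:32,977 WARN  [ImapSSLServer-14] [name=user@myserver.com;ip=192.168.1.123;oip=203.0.113.7;] security - cmd=Auth; account=user@myserver.com; protocol=imap; error=authentication failed for [user@myserver.com], account lockout;
"""

# timestamp, level, [thread], [context], then the "security - ..." message
LINE = re.compile(r"^(\S+ \S+)\s+\w+\s+\[[^\]]*\]\s+\[([^\]]*)\]\s+security - (.*)$")


def fields(text):
    """Split 'k=v;k=v;' into a dict; pieces without '=' are ignored."""
    return dict(p.strip().split("=", 1) for p in text.split(";") if "=" in p)


def failed_auth_sources(lines):
    """Count failed Auth events per (account, logged ip, origin ip, protocol)."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an audit record in the expected layout
        ctx, msg = fields(m.group(2)), fields(m.group(3))
        if msg.get("cmd") != "Auth" or "error" not in msg:
            continue  # informational line or successful authentication
        # oip is None when no origin IP was forwarded; "ip" is then only the
        # peer address, which behind a NAT or proxy is not the real client.
        key = (msg.get("account"), ctx.get("ip"), ctx.get("oip"), msg.get("protocol"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in failed_auth_sources(SAMPLE.splitlines()).most_common():
        print(n, *key)
```

Rows where the origin IP column is `None` are the ones for which the logged address may only be the NAT or proxy hop.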
ALP_88
Posts: 6
Joined: Thu Aug 25, 2016 1:48 am

Re: Account lockout

Postby ALP_88 » Wed Nov 28, 2018 3:47 am

