User getting disabled?

One of our user is experiencing getting disabled login in GroupWise. He is using a thunderbird client and is using LDAP authentication. When I checked the LDAP DN is correct and upon logging in we could log in after unchecking the disabled login checkbox in GoupWise console, But after some time the user is being disabled again.

If someone could share a solution or just the cause that would help alot.

Thank you.

Regards,

Lyle

  •  

    Hi Lyle,

    My first thought is that there's a hack attempt going on against this account causing it to be intruder locked.  Ensure the POA logging is set to Verbose.  Check the log files for incorrect password errors against the account name.

    Cheers,

     

  • Is he an eDirectory user, if so can you check within iManager which ip is locking him to see if it's groupwise server or another one.

    I've seen similar before with ldap when you usually have to put in a separate password for imap and smtp and one of them is wrong. this leads to lockouts, or they've setup the mac default calendar and contacts app, and the password has been changed, and they've not been updated, so when they connect they are causing the lockouts.  Most of the time i find it's something silly internally that's got an old password.

     

    Steph

  • As Laura has mentioned I can imagine that a hack will be tried. If I know a mail address then I ask the IMAP server as often as possible to login with some passwords. I have seen this at several universities ..

    Just use an email-address and lock accounts!

    Diethmar

  • Maybe I misunderstood you but that does not matter ...

     

    Universities have LDAP too. If I try to access i.e. a mailbox via IMAP just using a valid email address over and over with wrong passwords. This account will be locked out in my directory behind LDAP and of course in GroupWise too.

    So my question is if the user is locked in GroupWise only or in LDAP too.

  • I see.

    In our case it is only locked in the GroupWise but not locked in our LDAP.

  • Hmm, do you synchronize users from LDAP to GroupWise? If yes. then there is a setting that users who cannot be synchronized will be disabled. Did you check this?

  • I see, I checked the GWIA logs and im getting the error D715 on the user which means too many logged in attempts.

  • That is the problem having port 25 open for the imap users to send mail,  the spammers want to try to use it as well and pound those they can find.   That is why I push my clients to GMS to not have that security hole and the only permitted smtp inbound comes from their antispam service.

    Until GMS installations, geo blocking IPs from the trouble spots is about the only way to curb those. Firewall level is usually the easiest, but this can be done directly on the server if needed such as with the /etc/hosts.deny file.

    Hot spots we define as IP ranges in countries your users are not going to that are hitting your gwia.  you can extract all the "SMTP session ended:" lines that don't have matching successful logins and I've found they are usually a few consistent IPs that are just pounding away.