Highlighted
New Member.
1712 views

PO log file question

I seeing this in the PO log (11:10:48 ECB3 C/S Login Linux ::GW Id=Thom_Spicer :: 10.1.0.5 ) trying to understand if this is coming from webacc, GWIA or GW client login?
Labels (2)
0 Likes
12 Replies
Highlighted
Visitor.

Re: PO log file question

WebAccess is mediated by SOAP
GWIA would show IMAP / POP
The rest are GroupWise clients. This seems to be indicating a Linux client.

Example:

0910poa.017:13:32:15 ECFF SOAP command:[loginRequest] requested from 192.168.2.64   User session(roger) <-- DataSync or WebAccess
0910poa.017:13:32:20 E85F C/S Login GWIA/Imap ::GW Id=Ben :: 10.2.2.222 [192.168.2.59] <--GWIA
0910poa.017:13:32:13 E7AF C/S Login Windows Net Id=Joe ::GW Id=Joe :: 192.168.2.67 <-- Initial login by Joe on Windows Client
0910poa.017:13:32:21 E85F C/S Login Windows ::GW Id=Support :: 192.168.2.67 <-- Joe's Windows Client, accessing Support's account

0910poa.017:13:39:53 EFB8 C/S Login Linux Net Id=Bob ::GW Id=Bob :: 192.168.2.158 <-- Me from my Linux desktop
0910poa.017:13:39:59 E6DF C/S Login Linux ::GW Id=Logger :: 192.168.2.158 <-- Me, accessing a shared folder from Logger
0


So in your case you need to look UP in the logs to see who is accessing some shared folder, or address book shared from Mr. Spicer so look for any activity from 10.1.0.5 and look for the primary login event. Any type of sharing will show up this way.

-- Bob
0 Likes
Highlighted
New Member.

Re: PO log file question

10.1.0.5 is our webacc and GWIA server, I have some users getting account locked from that IP address. None of them are using Linux desktop. I thought someone might be trying to brute force the user password I was wanting to find out what ip address it was coming from. But since the IP address is from our server not sure what is causing this and not sure which log file to check.
09:53:01 EC5A C/S Login Linux ::GW Id=TSpicer :: 10.1.0.5
09:53:04 ECA3 LDAP Error: 49 (TSpicer)
09:53:04 ECA3 LDAP Error: Invalid credentials (TSpicer)
09:53:04 ECA3 Error: Invalid password [D019] User:TSpicer (TSpicer)
0 Likes
Highlighted
Visitor.

Re: PO log file question

Do you have an archiving solution, or some other things on the server which might be active? Is this user mailbox located on this server or another POA? And just to be clear, what version of GW is this?

-- Bob
0 Likes
Highlighted
New Member.

Re: PO log file question

We have gava retain and gava reload, it runs at night. The user mailbox is on another POA the 10.1.0.5 is just webacc and GWIA. We are are using groupwise 2012
0 Likes
Highlighted
New Member.

Re: PO log file question

We have gwava retain and gwava reload, it runs at night. The user mailbox is on another POA the 10.1.0.5 is just webacc and GWIA. We are are using groupwise 2012
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: PO log file question

In article <data5248.61i8kq@no-mx.forums.novell.com>, Data5248 wrote:
> We are are using groupwise 2012
>

and which patch/build level is it that you are running?
And what OS are you running it on?
If Linux, the command of
rpm -qa |grep groupwise
will give a good answer to just cut 'n paste here.


Andy Konecny
Knowledge Partner (voluntary SysOp)
KonecnyConsulting.ca in Toronto
----------------------------------------------------------------------
Andy's Profile: http://forums.novell.com/member.php?userid=75037


___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
Highlighted
New Member.

Re: PO log file question

novell-groupwise-admin-12.0.1-103731
novell-groupwise-gwha-12.0.1-103731
novell-groupwise-dbcopy-12.0.1-103731
novell-groupwise-gwdva-12.0.1-103731
novell-groupwise-agents-12.0.1-103731

POA is running oes 11sp1
webacc and GWIA SLES 11sp2
0 Likes
Highlighted
New Member.

Re: PO log file question

I'm still seeing this Login Linux on several users and felling on the password.

13:46:58 EC7B C/S Login Linux ::GW Id=AHartsfield :: 10.1.0.5
13:47:01 EC7B LDAP Error: 49 (AHartsfield)
13:47:01 EC7B LDAP Error: Invalid credentials (AHartsfield)
13:47:01 EC7B Error: Invalid password [D019] User:AHartsfield (AHartsfield)
13:47:01 E1DF *** APP DISCONNECTED, Tbl Entry=389, Check ID=1378801211
13:47:02 E1DF *** NEW APP CONNECTION, Tbl Entry=389, Check ID=1378801212
13:47:02 E1DF C/S Login GWIA/Imap ::GW Id=tickets :: 10.1.0.8 [10.1.0.5]
13:47:02 ECB3 Notifying client at: 10.98.30.33 UDP port 1127
13:47:02 ECB3 Notifying client at: 10.98.30.33 UDP port 1123

14:15:42 E1DF C/S Login Linux ::GW Id=ROwens :: 10.1.0.5
14:15:44 EBAF Processing update: item record (aroethler)
14:15:44 EC72 Notifying client at: 10.3.130.217 UDP port 1163
14:15:44 EC72 Notifying client at: 10.3.130.217 UDP port 1167
14:15:44 EC72 Notifying client at: 10.3.129.115 UDP port 1147
14:15:44 EBAF Purge Execution Record #16948 (aroethler)
14:15:45 E1DF LDAP Error: 49 (ROwens)
14:15:45 E1DF LDAP Error: Invalid credentials (ROwens)
14:15:45 E1DF Error: Invalid password [D019] User:ROwens (ROwens)
14:15:45 EC7B *** NEW APP CONNECTION, Tbl Entry=59, Check ID=1378801545
14:15:45 ECBB *** APP DISCONNECTED, Tbl Entry=462, Check ID=1378801544
14:15:45 EC7B C/S Login Windows ::GW Id=smalugin :: 10.1.0.14
14:15:46 EC7B Opening remote C/S session for: smalugin
14:15:46 DEFF *** NEW APP CONNECTION, Tbl Entry=462, Check ID=1378801546
14:15:46 EC7B Sending file to remote client.

Just want to post more of the log and see if anyone has any ideal why it is doing this.
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: PO log file question

In article <data5248.61m66y@no-mx.forums.novell.com>, Data5248 wrote:
> novell-groupwise-*-12.0.1-103731
>

Patching to SP2 of GroupWise would be my first shot at this.

Are you using the LDAP interface on your GWIA? If not make sure it is
turned off.
Are you authenticating users via LDAP or normal built in GroupWise?



Andy Konecny
Knowledge Partner (voluntary SysOp)
KonecnyConsulting.ca in Toronto
----------------------------------------------------------------------
Andy's Profile: http://forums.novell.com/member.php?userid=75037


___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
Highlighted
New Member.

Re: PO log file question

Authenticating users via LDAP
0 Likes
Highlighted
Visitor.

Re: PO log file question

Support | Common LDAP Errors reported by the POA

I'm not seeing spurious Linux logins for any of my 3700 users, so that could be a bug fixed in 2012 SP2.

But the LDAP authentication error is fully explained by incorrect logins or unassociated objects or the like.

Remember that things like IMAP on phones will just beat on the POA with bad credentials until someone fixes them.

Updating to SP 2 is, if we are honest, about 5 minute of down time. So try that first.

-- Bob
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.