[ZendTo] unable to login

Jules Field Jules at Zend.To
Wed Aug 8 17:21:08 BST 2018


Jake,

ZendTo protects itself from being used by attackers to brute-force guess 
passwords.

So if a particular user fails to log in more than a set number of times 
within 24 hours, they are locked out for the next 24 hours.

Obviously you don't want to tell the attacker this has happened, so the 
error message shown to the user is exactly the same. If you told the 
attacker this had happened, they would start trying another account. 
Much better for them to waste their time pointlessly trying passwords 
(one of which might be correct, but will still be rejected!).

Take a look in preferences.php and you'll see this (which are the 
default settings):

   // If a user fails to login with the correct password 'loginFailMax' 
times
   // in a row within 'loginFailTime' seconds, then the user is locked out
   // until the time period has passed.  86400 seconds = 1 day.
   // That means that if you fail to log in successfully 6 times in a row in
   // 1 day, your account is locked out for 1 day and you won't be able to
   // log in for that day.
   'loginFailMax'      => 6,
   'loginFailTime'     => 86400,

If you are logged in as an admin user (and hence see the extra red 
buttons in the main menu), one of those takes you to a page which shows 
all the locked-out users and lets you unlock them selectively.

That's often the cause of this problem with new installations.
Sorry if I saw this thread before and didn't remember this feature!

Cheers,
Jules.

On 08/08/2018 16:53, Sallee, Jake via ZendTo wrote:
> Sorry for the zombie thread here, but I wanted to provide some closure for anyone who may see this in the archives.
>
> In the interest of time I end up going nuclear and blowing away the install and restarting fresh.  This solved the issue but obviously may not be a viable option for everyone.
>
> Sorry.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> WWW.UMHB.EDU
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> ________________________________________
> From: ZendTo <zendto-bounces at zend.to> on behalf of Sallee, Jake via ZendTo <zendto at zend.to>
> Sent: Wednesday, July 25, 2018 10:51 AM
> To: ZendTo Users
> Cc: Sallee, Jake
> Subject: Re: [ZendTo] unable to login
>
> Jules:
>
> Thank you for your response.  I read the upgrade instructions but I apparently did not read them closely enough.  I read the bit about running the two commands as only being necessary if you are upgrading from a version earlier than 5.0.
>
> My apologies, it was my mistake.
>
> I did run the upgrade commands(and a reboot for good measure) and it did take care of the missing config option for me and the error is no longer showing up in the log file, so that is nice.
>
> But I still cannot log in.
>
> The ldap search command works using the info from my current preferences.php file, shouldn't that mean it should be working?
>
> What is really weird is when I do a packet capture I can see the bind response for the user logging in (me in this case) succeeds but the web page still says it failed ... is there a log file I can look at or something?
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> http://WWW.UMHB.EDU
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> ________________________________________
> From: Jules Field <Jules at Zend.To>
> Sent: Wednesday, July 25, 2018 9:23 AM
> To: ZendTo Users
> Cc: Sallee, Jake
> Subject: Re: [ZendTo] unable to login
>
> Jake,
>
> The PHP notice you got shows that you haven't used
>       /opt/zendto/bin/upgrade_preferences_php
> and/or
>       /opt/zendto/bin/upgrade_zendto_conf
> to upgrade those files. Once you've upgraded your preferences.php and
> zendto.conf files correctly, all the expected settings will be in them.
>
> For AD authentication troubleshooting, please see
> https://urldefense.proofpoint.com/v2/url?u=http-3A__zend.to_activedirectory.php&d=DwIDaQ&c=61yQaCoNVjQr1ah003i6yA&r=hv6FWbB_1Tauwq1un9h_XR4pflYMFHr0Ag1rvcLKIQA&m=aPJXY5gIxyke0vsmlY9i_bOTQpaYFx8EeKemi8iBeFg&s=YoqPu2mQX7tUfQl8dXTkzGHuKZszFpEyBAE2uYB-kyk&e=
>
> Cheers,
> Jules.
>
>
> On 25/07/2018 14:54, Sallee, Jake via ZendTo wrote:
>> All:
>>
>> I'm having a weird issue in ZendTo version 5.02 with MS AD as the backend user DB.
>>
>> No one is able to login when they try they get:
>>
>> Authentication Error
>> The username or password was incorrect.
>>
>> However I have verified my username and password and still I am not able to log in.
>>
>> I have been scouring the logs without much success.  the only thing I see is this when I get the error on login:
>>
>> ==> /var/log/apache2/error.log <==
>> [Wed Jul 25 08:32:17.700721 2018] [php7:notice] [pid 3496] [client 10.11.0.54:47742] PHP Notice:  Undefined index: SMTPsetFromToSender in /opt/zendto/lib/NSSDropbox.php on line 317
>>
>> Line 317 in the referenced file is this:
>>
>> $this->_SMTPsetFromToSender   = $prefs['SMTPsetFromToSender'];
>>
>> It seems to be referencing an non-existent setting in the preferences.php file, but commenting this line out changed nothing.
>>
>> I have firewall logs showing there is communication going to the AD servers and this setup was working but then stopped.  As far as I can tell the AD integration bits are setup correctly ... I' am at a loss here.
>>
>> Is there another log file I can look at to get some more info?  Is there some other troubleshooting step I can use (like a debug mode somewhere) to see more info?
>>
>> Jake Sallee
>> Godfather of Bandwidth
>> System Engineer
>> University of Mary Hardin-Baylor
>> http://WWW.UMHB.EDU
>>
>> 900 College St.
>> Belton, Texas
>> 76513
>>
>> Fone: 254-295-4658
>> Phax: 254-295-4221
>>
>> _______________________________________________
>> ZendTo mailing list
>> ZendTo at zend.to
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwIDaQ&c=61yQaCoNVjQr1ah003i6yA&r=hv6FWbB_1Tauwq1un9h_XR4pflYMFHr0Ag1rvcLKIQA&m=aPJXY5gIxyke0vsmlY9i_bOTQpaYFx8EeKemi8iBeFg&s=Z2YAnd5KuimjzLxfzaxEnjtbZX0J-9k6Na60pl5V7Qs&e=
> Jules
>
> --
> Julian Field MEng CEng CITP MBCS MIEEE MACM
>
> 'Probability factor of one to one. We have normality. I repeat, we
>    have normality. Anything you still can't cope with is therefore
>    your own problem.' - Trillian, The Hitch Hikers Guide to the Galaxy
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.Zend.To&d=DwIDaQ&c=61yQaCoNVjQr1ah003i6yA&r=hv6FWbB_1Tauwq1un9h_XR4pflYMFHr0Ag1rvcLKIQA&m=aPJXY5gIxyke0vsmlY9i_bOTQpaYFx8EeKemi8iBeFg&s=r_o7N-YZzAEiryEcRfnxnwyLaFR3nV848AWPI1EEL4c&e=
> Twitter: @JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> https://urldefense.proofpoint.com/v2/url?u=http-3A__jul.es_mailman_listinfo_zendto&d=DwICAg&c=61yQaCoNVjQr1ah003i6yA&r=hv6FWbB_1Tauwq1un9h_XR4pflYMFHr0Ag1rvcLKIQA&m=PLaxn3y1DDG0xTTVEtfLEi4bzrPEWTvCXq2VNmv6Voc&s=8Nf8goNylkoHQMFX_tT3KZH7Mc98dd5OdJo2-zDtSt8&e=
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

Forties: Southwesterly 4 or 5, becoming variable 2 or 3 later in east. Slight.
Showers. Good.

www.Zend.To
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654




More information about the ZendTo mailing list