[ZendTo] Authentication Error - The username or password was incorrect
Marlon Deerr
MDeerr at hshlawyers.com
Fri Jul 17 22:54:09 BST 2020
Jules,
No, I didn’t type in < and > characters. I only did that to not show real usernames on my end. So to be clear, no I did not type in those characters as part of the username when using the /opt/zendto/bin/adduser command. As for certificates, I’m not sure as our DNS server is actually managed by our MSP. With that said, when I do run the openssl command, I get the below output.
As for the log file at /var/log/zendto/zendto.log, if it says Warning: authorization failed for username, does that mean it wasn’t able to read from our AD Server. Not sure how to interpret that because before I ran the upgrade command after applying the latest patch, it seemed as though it was able to read from AD. Now I’m not sure what’s going on.
Output for openssl s_client -connect your-ad-server.company.com:636
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 283 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
From: Jules [mailto:Jules at Zend.To]
Sent: Wednesday, July 15, 2020 12:35 PM
To: Marlon Deerr <MDeerr at hshlawyers.com>; ZendTo Users <zendto at zend.to>
Subject: Re: [ZendTo] Authentication Error - The username or password was incorrect
Are you actually seeing the < and > characters?
You didn't actually type those into the /opt/zendto/bin/adduser command, did you?
Have a read of the AD troubleshooting steps on
zend.to/activedirectory
Do you know if you're running with a locally-signed certificate on your AD servers?
Assuming you have the hostname and port number (636 usually) of your AD server, try
openssl s_client -connect your-ad-server.company.com:636
That will show you the initial SSL/TLS handshake involving all the certificates.
You'll need to Ctrl-C it at the end, but what it prints out should be very useful so you can see exactly what is using which certs.
Hope that helps,
Jules.
On 15/07/2020 16:50, Marlon Deerr wrote:
OK, my user seems to be unlocked now but now I am getting the following errors below. I must be missing something else in my setup:
Warning: admin authorization failed for <username1>
And for other users I still get the following error:
Warning: authorization failed for <username2>
Note: I believe I added <username1> as an admin.
Marlon Deerr, Technology Manager
416-572-8795 (direct) | MDeerr at hshlawyers.com<mailto:MDeerr at hshlawyers.com>
[cid:image002.jpg at 01D65C5C.D501A610]<https://www.hshlawyers.com>
[cid:image004.jpg at 01D65C5C.D501A610]<https://www.linkedin.com/company/howie-sacks-&-henry-llp---personal-injury-law/> [cid:image006.jpg at 01D65C5C.D501A610] <https://twitter.com/hshlawyers> [cid:image008.jpg at 01D65C5C.D501A610] <https://www.facebook.com/HSHPersonalInjuryLawyers/> [cid:image010.jpg at 01D65C5C.D501A610] <https://www.youtube.com/user/hshlawyers>
3500 - 20 Queen St. W., Toronto, ON M5H 3R3
Fax: 416-361-0083 | Toll Free: 877-474-5997 | www.hshlawyers.com<https://www.hshlawyers.com>
This Howie Sacks & Henry e-mail is privileged, confidential and subject to copyright. Any unauthorized use or disclosure is prohibited.
From: Jules [mailto:Jules at Zend.To]
Sent: Wednesday, July 15, 2020 7:09 AM
To: ZendTo Users <zendto at zend.to><mailto:zendto at zend.to>
Cc: Marlon Deerr <MDeerr at hshlawyers.com><mailto:MDeerr at hshlawyers.com>
Subject: Re: [ZendTo] Authentication Error - The username or password was incorrect
Marlon,
The crucial bit in the log is the "locked-out user" bit.
ZendTo has a security feature in it to stop it being used as a method of brute-force attacking your accounts from outside.
If the same user has several failed logins in a row, that user is locked out for the next 24 hours by default.
If you can login as an admin user, one of the extra admin red buttons shows you the locked out users and lets you reset them.
Alternatively, you can unlock all locked users from the command line with
/opt/zendto/bin/unlockuser -a
Cheers,
Jules.
On 14/07/2020 18:45, Marlon Deerr via ZendTo wrote:
Ok, so I think I finally (or almost finally) got my AD authentication settings correct. I have installed the ldapsearch utility to confirm that I’m able to successful search the OU where my users reside, however when I attempt to log in with a valid user, ZendTo keeps erroring with:
Authentication Error
The username or password was incorrect
I checked the /var/log/zendto/zendto.log and it says the following:
“….Warning: authorization attempt for locked-out user <username1>
Then when I try logging in as another user, I see the following in the log
“…Warning: authorization failed for <username2>
I know that I have both username/password correct so I must be missing something. Anyone know what setting I may have applied incorrectly?
_______________________________________________
ZendTo mailing list
ZendTo at zend.to<mailto:ZendTo at zend.to>
http://jul.es/mailman/listinfo/zendto
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'When a man points a finger at someone else, he should remember
that four of his fingers are pointing at himself.' - Louis Nizer
www.Zend.To<http://www.Zend.To>
Twitter: @JulesFM
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'There is silent poetry in the stillness of morning;
in the calm, the cries & sighs of life sound like gentle music.'
- @Astro_Wheels
www.Zend.To<http://www.Zend.To>
Twitter: @JulesFM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20200717/c63546e3/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 12435 bytes
Desc: image002.jpg
URL: <http://jul.es/pipermail/zendto/attachments/20200717/c63546e3/attachment-0005.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 777 bytes
Desc: image004.jpg
URL: <http://jul.es/pipermail/zendto/attachments/20200717/c63546e3/attachment-0006.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.jpg
Type: image/jpeg
Size: 768 bytes
Desc: image006.jpg
URL: <http://jul.es/pipermail/zendto/attachments/20200717/c63546e3/attachment-0007.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.jpg
Type: image/jpeg
Size: 756 bytes
Desc: image008.jpg
URL: <http://jul.es/pipermail/zendto/attachments/20200717/c63546e3/attachment-0008.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image010.jpg
Type: image/jpeg
Size: 752 bytes
Desc: image010.jpg
URL: <http://jul.es/pipermail/zendto/attachments/20200717/c63546e3/attachment-0009.jpg>
More information about the ZendTo
mailing list