[ZendTo] LDAP authentication

Jules Jules at Zend.To
Wed May 20 09:54:56 BST 2020


Ken,

ZendTo actively locks out (for 24 hours) users who have failed too many 
login attempts in a day.
This protects against hackers using your ZendTo to attempt to find 
passwords by brute force.

There are 2 ways of seeing who is currently locked out, and to manually 
unlock them immediately:
1. The web interface for an Admin user (it's one of the red buttons).
2. But if you can't get to that, then run /opt/zendto/bin/unlockuser and 
it will show its command-line usage. You should just be able to run
     sudo /opt/zendto/bin/unlockuser -a
to unlock every temporarily-locked account.

Hope that helps,
Jules.

On 19/05/2020 22:28, Ken Etter via ZendTo wrote:
> And now it is working again.  Since a trace on my ldap server showed I 
> wasn't even getting a query from ZendTo, I decided to see what my 
> firewall was seeing.  ZendTo is installed in my DMZ.  I log into the 
> firewall and do a couple of logins to ZendTo with other accounts and 
> watch what shows up in the firewall.  Then I try my login again and it 
> works and shows up in the firewall as expected.  I had changed 
> nothing, I just logged into the firewall to see the activity. 
> Frustrating not knowing why, but things are working again.  I assume 
> the firewall between the DMZ and the rest of the network was the 
> issue, but I have no idea how or why since it just started working.
>
> My apologies for all the clutter on the mailing list.
>
> Ken
> >>> Ken Etter 5/19/2020 4:48 PM >>>
> I have other software that also does LDAP authentication and my 
> account works fine there.  A trace on my LDAP server shows the login 
> happening as expected.  So it is as if ZendTo thinks my account is not 
> an LDAP account and is trying to authenticate elsewhere and failing.
>
> Ken
> >>> Ken Etter 5/19/2020 4:41 PM >>>
> Doing some more digging into this and not making much progress.  I was 
> working on moving ZendTo ldap authentication from port 389 to port 636 
> (SSL).  Something wasn't working right, but now my account is locked 
> out of ZendTo.  Doing a trace from my LDAP server shows that I don't 
> even get a request from ZendTo.  ZendTo is working for all accounts 
> except mine.  Is there anything at all within ZendTo that might give 
> me a clue as to what is going on?
>
> *Ken Etter*, System Administrator
> Architectural Group
> 260.432.9337|msktd.com <http://msktd.com/>
>
> <http://msktd.com/>
>
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'Teach a man to reason, and he will think for a lifetime.' - Phil Plait

www.Zend.To
Twitter: @JulesFM

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20200520/8bdd919a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IMAGE_5.png
Type: image/png
Size: 18067 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200520/8bdd919a/attachment-0001.png>


More information about the ZendTo mailing list