i am running Zimbra Release 8.6.0.GA.1153.UBUNTU14.64 UBUNTU14_64 FOSS edition, Patch 8.6.0_P6.
The user get authenticated against a Windows 2008R2 DC (LDAP Port 3268).
This works most time.
Sometime random user try to login and get immediatly "error in network service"
After waiting some time the login is working again.
in the mailbox.log i see
2016-05-11 08:20:57,051 INFO [qtp509886383-1216983:http://127.0.0.1:80/service/soap/AuthRequest] [name=mgloss@mydomain.hq;oip=10.58.0.91;ua=zclient/8.6.0_GA_1194;] SoapEngine - handler exception: authentication failed for [mgloss@mydomain.hq], external LDAP auth failed, LDAP error: - unable to ldap authenticate: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
2016-05-11 08:20:57,051 INFO [qtp509886383-1216983:http://127.0.0.1:80/service/soap/AuthRequest] [name=mgloss@mydomain.hq;oip=10.58.0.91;ua=zclient/8.6.0_GA_1194;] soap - AuthRequest elapsed=5
2016-05-11 08:21:00,922 INFO [qtp509886383-1216982:http://127.0.0.1:80/service/soap/AuthRequest] [] misc - Access to IP 10.58.50.91suspended, for repeated failed login.
There are NO authentication errors before!
The interesting part is:
Code: Select all
zmprov gacf |grep -i InvalidLoginFilter
zimbraInvalidLoginFilterDelayInMinBetwnReqBeforeReinstating: 15
zimbraInvalidLoginFilterMaxFailedLogin: 10
zimbraInvalidLoginFilterMaxSizeOfFailedIpDb: 7000
zimbraInvalidLoginFilterReinstateIpTaskIntervalInMin: 5
what is the timerange for the 10 invalid logins?
How can it happen, after the first invalid login to hit the CSFE_SVC_ERROR ?
best regards
Thomas