Displaying 20 results from an estimated 4000 matches similar to: "What are they trying to do here?"
2007 Jun 16
3
dovecot under attack
Hi,
I?ve posted this before but no one was able to help. I can?t figure out
what they are trying to do, and if I should be concerned.
I am running dovecot version 0.99.14 on Fedora Core 4. It appears that my
dovecot server is under attack. This morning in my system e-mail I saw
this:
dovecot:
Authentication Failures:
rhost= : 23431 Time(s)
2009 Apr 03
1
ssh failed login rule problem
Hi there,
I know this is the classic RTFM list question but... I've really tried
hard on this and no result!
This is what I'm receving from logcheck:
System Events
=-=-=-=-=-=-=
Apr 3 06:55:13 bsg sshd[32246]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.245.226
user=root
Apr 3 06:55:19 bsg sshd[32248]: pam_unix(sshd:auth):
2019 Mar 15
0
lua policy for Weakforce and web mail failed login attempts
The good news is I believe I got Weakforce running
1) curl -X GET http://127.0.0.1:8084/?command=ping -u wforce:ourpassword
{"status":"ok"}[
2) after running the sample for loop:
for a in {1..101}; do curl -X POST -H "Content-Type:
application/json" --data '{"login":"ahu", "remote": "127.0.0.1",
2006 Jun 16
0
check pass; user unknown in logs
I am seeing lots of these in my logs and there are often a hundered or so
imap/dovecat process running.
I am running RC Core3. Can anyone shead some light on how to correct this ?
Jun 16 08:38:24 jidmail dovecot(pam_unix)[27653]: check pass; user unknown
Jun 16 08:38:24 jidmail dovecot(pam_unix)[27653]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=
Jun 16 08:38:24 jidmail
2010 Jan 23
5
authentication failure
I noticed that my server has a lot ca. 1000x auth failure from
different alocated in China / Romania and Netherlands per day since 3
days
It looks to me like somebody was trying to get into server by guessing
my password by brute force.
what would be the best to stop this attack and how? the server running
apache mysql and ftp
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
443/tcp
2007 Oct 02
1
denyhosts
Hi,
My denyhosts stop working. How do i check why isnt it working anymore for
me?
Thanks
Oct 2 22:59:17 beyond sshd[15690]: Failed password for root from
221.7.37.142 port 49836 ssh2
Oct 2 22:59:17 beyond sshd[15692]: Received disconnect from 221.7.37.142:
11: Bye Bye
Oct 2 22:59:18 beyond sshd[15701]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser=
2015 May 12
0
ldap host attribute is ignored
>
> After that you'll probably have to turn up logging in sssd and check its
> logs to see what it's doing.
i have set logging in sssd to 9:
cache_credentials = true
debug_level = 9
I first tried a user with the correct host attribute, then a user
without the host attribute. The output in the logfiles are the same.
Note: USER ist not a local user. Without correct ldap password
2006 Jun 13
1
upgrade to 3.0.22, problem authenticating to AD
We upgraded our Centos 4.3 box's samba from 3.0.10 to 3.0.22 using sernet.de rpms. Prior to upgrading, we had this box authenticating to AD just fine, but now it is broken. Here is part of my log file that might show what is going on.
Jun 13 09:21:06 cent02 login(pam_unix)[2728]: check pass; user unknown
Jun 13 09:21:06 cent02 login(pam_unix)[2728]: authentication failure; logname=LOGIN
2008 Oct 03
2
How to bypass checking of system users by virtual users?
Hi, I have one real domain (abusar.org) and the others are
virtual. So I configured dovecot.conf as the following:
# for abusar.org, real domain
mail_location = mbox:~/.mail/:INBOX=/var/mail/%n
# for the remaining virtual domains
userdb static {
args = uid=17 gid=17 home=/var/spool/virtual/%d/.home/%n mail=mbox:/var/spool/virtual/%d/home/%n:INBOX=/var/spool/virtual/%d/%n
}
passdb
2011 Sep 19
6
64.31.19.48 attempt to break into my computer
>From my secure log:
Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48
Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aaron
Sep 19 01:16:45 lin12
2023 Jun 30
1
PAM Offline Authentication in Ubuntu 22.04
On 28/06/2023 17:52, Marco Gaiarin via samba wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
>> I didn't try turning the last one off, but at least you are getting
>> somewhere :-)
>
> With very little steps... ;-)
>
>
>> When you say 'back to login screen', do you mean that you cannot just
>> click the screen,
2018 Apr 26
4
account locks not working ssh/winbind?
Hai.
Config.
Debian Stretch, samba 4.7.7. member server AD backend.
Network setup like in the howtos here. : https://github.com/thctlo/samba4/tree/master/howtos
Today i discovered that somehow a disabled user was able to login after a few retries.
I run a SSH/SFTP server for data exchange with the customer of the company here.
The SSH/SFTP server is restricted by groups, this
2005 Jul 19
1
dovecot(pam_unix)[13823]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost
I installed Dovecot on our FC3 sendmail server and get this from our Dallas office ( out of state to me ).
dovecot(pam_unix)[13823]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost
Only one Dallas user can get mail (pop3 or imap). All local users work fine.
I ended upgoing back to UW and all works fine.
What should I look for?
Thanks
-------------- next part --------------
2012 Jun 01
3
auth trouble
Debian Lenny, Dovecot v 1.0.15.
I'm getting a lot of what I think is a local socket asking
dovecot:auth to verify username/passwords:
> May 31 09:00:54 server dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=admin rhost=
Note the empty 'rhost='. That's why I think it's on the
server. I see others that look like bots:
2009 Jan 02
1
Bug#510472: logcheck-database: pam_unix messages could be ignored.
Package: logcheck-database
Version: 1.2.68
Severity: normal
I'm using ldap to authenticate users. And thus pam_unix is sufficient, but allowed to fail. It has now started to spam the logs with lots of
Jan 2 09:22:57 sisko sshd[28511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host92-22-static.38-79-b.business.telecomitalia.it user=root
And on
2020 Jul 02
0
help whith linux client on domain
1) Does 'getent passwd policia\gafranchello' produce output when run on a
Unix client ?
If try to logon on unis console
--> auth.log
Jul 2 14:13:59 samba-cliente sshd[11654]: Invalid user
POLICIA+gafranchello from 172.33.10.1
Jul 2 14:13:59 samba-cliente sshd[11654]: input_userauth_request: invalid
user POLICIA+gafranchello [preauth]
Jul 2 14:14:04 samba-cliente sshd[11654]:
2013 Jun 14
0
Pam authentication failure message but it works
I am running Centos 6.4 64bit.
Dovecot 2.0.9
I am getting the following messages in /var/log/secure, which looks like
the pam authentication is not working but the users are allowed to login
and the system works great.
I am wondering if pam is actually failing and yet the system is getting
the login info from elsewhere, or is this just a nuisance message?
/var/log/secure
Jun 12 23:11:29 smtp
2013 Nov 28
3
Problem with PAM/SSSD/SAMBA4.1.2
Hi
I hope that I am not totally wrong when asking this on a Samba list, but
as I followed a tutorial found at the SAMBA wiki I hope I can find
someone how is able to help me.
My goal is to set up a server acting as a SAMBA AD Server with single
sign on for linux users.
I use a Ubuntu Server 13.10 as the base. On top of this I installed a
SAMBA 4.1.2 from GIT, did provisioning, Kerberos
2020 Jul 21
0
Authentication with trusted credentials
On 20/07/2020 12:09, Yakov Revyakin wrote:
> OK, trying to define the environment more clearly.
>
OK, I 'think' I know what is going on here, haven't got a fix though :-(
Can you run this command on the Linux DC's and a Linux client:
wbinfo --online-status
On DC's, I get this:
BUILTIN : active connection
EXAMPLE : active connection
SAMDOM : active connection
But on
2017 Nov 22
0
samba-winbind trust domain user issue.
Hi all,
we are facing a strange issue about trust domain user issue.
In the beginning. we are using samba-winbind integrated with Window
AD(Server 2012r2 and Server 2008R2), they are working pretty well.
but recently, the winbind client cloud not get the correct trust
domian's user group info as well,
like: id A\\user only show:
uid=16077216(A\user) gid=16077216(A\domain