Re: Failed Login Log - NRM reporting errors, NMAS says no error
What methods are your valid users using for login?
(LDAP, Novell Client SMB, ???)
If they are using LDAP, turn on LDAP in dstrace and see if you see the
failures there.
Is it possible there are passwords other than Universal being used
successfully? Like NDS or Simple?
-jim
On 10/14/2009 12:36 PM, Rmurphy24 wrote:
>
> jameswatson3;1867006 Wrote:
>> Oops, I just posted this in eDir - Netware before I noticed this forum.
>> I think I'll post here too though.
>>
>> We recently upgraded eDir from 8.8.4 to 8.8.5 then to 8.8.5FTF1 on both
>> Netware 6.5sp8 and OES2SP1 replica masters.
>>
>> I can't say for certain that it was related to this upgrade, but I have
>> recently noticed that multiple Netware servers now show a continuous
>> display of Failed Login attempts in the NRM Health Monitor. No users
>> have reported issues so I'm not sure if this is possibly cosmetic. When
>> I trace LDAP, AUTH and NMAS I get content that appears to indicate
>> success:
>>
>> NMAS: 1: Destroy NMAS Session for reuse
>> NMAS: 1: Create NMAS Session
>> NMAS: 1: Pregathered information NMAS_AID = 2 ignored
>> NMAS: 1: Pregathered information NMAS_AID = 1 value
>> *******************
>> NMAS: 1: NMAS Client supplied user DN *******************
>> NMAS: 1: Actual user DN *******************
>> NMAS: 1: Create thread request
>> NMAS: 1: Using thread 0x95b8a040
>> NMAS: 1: Server thread started
>> NMAS: 1: Started login session
>> NMAS: 1: Pool thread 0x95b8a040 awake with new work
>> NMAS: 1: NCP client address type 1
>> NMAS: 1: NCP client address 10 115 2 132
>> NMAS: 1: PxySendProxyClientInfo Bad Client MAF Handle
>> NMAS: 1: OEM
>> NMAS: 1: OEM Verb 3
>> NMAS: 1: Verify Only
>> NMAS: 1: CanDo
>> NMAS: 1: Selected default login sequence == "NDS"
>> NMAS: 1: Login Method 0x00000007
>> NMAS: 1: Server Module 0x00000007 Get attribute AID: 1
>> NMAS: 1: Begin Server Module 0x00000007
>> NMAS: 1: Server Module 0x00000007 Get attribute AID: 39
>> NMAS: 1: Server Module 0x00000007 Get Password
>> NMAS: 1: Server Module 0x00000007 Write
>> NMAS: 1: Server Module 0x00000007 XWrite
>> NMAS: 1: Server Module 0x00000007 XRead
>> NMAS: 1: Server Module 0x00000007 XWrite
>> NMAS: 1: Server Module 0x00000007 Read
>> NMAS: 1: Server Module 0x00000007 Successful
>> NMAS: 1: NDS Login Method Successful
>> NMAS: 1: WhatNext
>> NMAS: 1: Successful login
>> NMAS: 1: NMAS session succeeded
>> NMAS: 1: Client Session Destroy Request
>> NMAS: 1: Local Session Cleared (Not Destroyed)
>> NMAS: 1: Server get data detected that the session was cleared
>> NMAS: 1: Server Module 0x00000007 Get attribute AID: 39
>> NMAS: 1: Server thread exited
>> NMAS: 1: Pool thread 0x95b8a040 work complete
>>
>> So are these logins really failing? The only mention of the users in
>> either LDAP, AUTH, or NMAS reports success. Their is a report of "Bad
>> Client MAF Handle" but at the end of the day "successful login" is
>> reported.
>>
>> Does anyone know what this means?
>
>
> I'm having a similar problem. I have a single server tree that is used
> for our ldap applications. All users are in one OU and this tree is
> synch'd up w/ our production tree using dirxml (hey, it works!). I just
> noticed that we're getting anywhere from 50-100 failed login attempts
> per hour, all w/ the IP address being the server itself, and the user
> being "unknown".
>
> In doing some DSTRACE's, we found the following:
> 11:07:40 49734200 Auth:<0x1> LocalLoginRequest. Error cannot go remote
> (-779), conn: -1.
> 11:07:40 49734200 LDAP: Failed to resolve full context on connection
> 0x44e5ce00, err = no such entry (-601)
> 11:07:40 49734200 LDAP: Failed to authenticate full context on
> connection 0x44e5ce00, err = no such entry (-601)
> 11:07:40 49734200 LDAP: Cannot resolve NDS name
> 'CN=unknown.OU=Employees.OU=***.O=***.C=***' in ResolveAndAuthNDSName,
> err = no such entry (-601)
> 11:07:40 49734200 LDAP: Base
> "cn=unknown,ou=Employees,ou=***,o=***,c=***" not found, err = no such
> entry (-601)
>
> Any idea if this is a real problem? I'm not hearing from any users that
> they are unable to get into the applications, but the server is always
> red in NRM.
>
>
|
Threaded Mode
