Hello Zextras Team,
Is there any way that I can get the device details (PC/laptop MAC address) on which a Zextras user is currently logged in? I know the logs are available in /opt/zextras/logs/audit.log; however, these audit/access logs give me only the public IP of my ISP, not the PC details (like local IP or MAC) of the logged-in Zextras user.
Hello Team,
We kindly request that this issue be reviewed again, as we urgently require a workaround.
To provide a brief overview of the issue, we created a new email address under the Carbonio mail server, which was successfully configured on Outlook for a user. However, the problem arises when the user changes their email password. After updating the password in Outlook (the mail client), the account gets locked out in a short span of time. Interestingly, the issue resolves when the user reverts to the old password.
Initially, we suspected the issue was caused by Outlook, so we deleted the email profile and even formatted the PC, but the problem persists. As a temporary measure, we have advised affected users not to change their passwords.
Upon reviewing the audit logs, we observed that the lockout appears to be triggered by Microsoft Office 365, although the user's email account has not been configured in any Microsoft services. This issue affects all users whose email accounts are set up in Outlook.
2024-09-12 21:42:41,774 WARN [ImapServer-78] [ip=XXX.XXX.XXX.XXX;oip=40.99.78.85;via=Microsoft Office 365/15.20.7962.17,XXX.XXX.XXX.XXX(nginx/1.20.2);ua=Zimbra/24.1.0_ZEXTRAS_202401;cid=3019;] security - cmd=Auth; account=jjoromo@azpired.net; protocol=imap; error=authentication failed for [jjoromo@azpired.net], account lockout;
2024-09-12 21:43:28,267 WARN [ImapServer-80] [ip=XXX.XXX.XXX.XXX;oip=40.99.78.85;via=Microsoft Office 365/15.20.7962.17,XXX.XXX.XXX.XXX(nginx/1.20.2);ua=Zimbra/24.1.0_ZEXTRAS_202401;cid=3021;] security - cmd=Auth; account=jjoromo@azpired.net; protocol=imap; error=authentication failed for [jjoromo@azpired.net], account lockout;
2024-09-12 21:44:09,629 WARN [ImapServer-80] [ip=XXX.XXX.XXX.XXX;oip=40.99.78.85;via=Microsoft Office 365/15.20.7962.17,XXX.XXX.XXX.XXX(nginx/1.20.2);ua=Zimbra/24.1.0_ZEXTRAS_202401;cid=3023;] security - cmd=Auth; account=jjoromo@azpired.net; protocol=imap; error=authentication failed for [jjoromo@azpired.net], account lockout;
2024-09-12 21:44:51,162 WARN [ImapServer-80] [ip=XXX.XXX.XXX.XXX;oip=40.99.78.85;via=Microsoft Office 365/15.20.7962.17,XXX.XXX.XXX.XXX(nginx/1.20.2);ua=Zimbra/24.1.0_ZEXTRAS_202401;cid=3025;] security - cmd=Auth; account=jjoromo@azpired.net; protocol=imap; error=authentication failed for [jjoromo@azpired.net], account lockout;
2024-09-12 21:45:32,792 WARN [ImapServer-80] [ip=XXX.XXX.XXX.XXX;oip=40.99.78.85;via=Microsoft Office 365/15.20.7962.17,XXX.XXX.XXX.XXX(nginx/1.20.2);ua=Zimbra/24.1.0_ZEXTRAS_202401;cid=3027;] security - cmd=Auth; account=jjoromo@azpired.net; protocol=imap; error=authentication failed for [jjoromo@azpired.net], account lockout;
2024-09-12 21:46:14,474 WARN [ImapServer-78] [ip=XXX.XXX.XXX.XXX;oip=40.99.78.85;via=Microsoft Office 365/15.20.7962.17,XXX.XXX.XXX.XXX(nginx/1.20.2);ua=Zimbra/24.1.0_ZEXTRAS_202401;cid=3028;] security - cmd=Auth; account=jjoromo@azpired.net; protocol=imap; error=authentication failed for [jjoromo@azpired.net], account lockout;
Microsoft Office 365 appears because the user has the O365 version of Outlook. It has nothing to do with O365 as SaaS.
Are you sure the password was correctly updated in Outlook (both IMAP and SMTP)?
The passwords have been successfully updated, and this issue is occurring across most email accounts configured in Outlook.
I can confirm that the passwords were correctly updated, as I verified users were able to log in via webmail before they entered their updated credentials in Outlook.
As I said, did you check that all the accounts (IMAP and SMTP and maybe CalDAV) were updated in Outlook?
Are you sure your users do not have some phone connected to their account too?
The log extract shows "account locked", this is after the password issue.
You should look at the logs at the time the lockout happens to find out what is causing the lockout (IMAP or SMTP or something else).
Also, you should upgrade your Carbonio server, it's not up to date.
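The triage suggested above (find what failed just before the lockout), as an added example that is not part of the thread: a small parser for the audit.log `cmd=Auth` failure lines that counts, per account, the failures preceding the first `account lockout` entry, grouped by originating IP (`oip`) and protocol. The sample lines are constructed; the `invalid password` reason text, the `protocol=soap` line and the success line are assumptions about what pre-lockout entries look like.

```python
import re
from collections import Counter

# Constructed sample modelled on the lines quoted in the thread (documentation IP ranges).
# Assumption: pre-lockout failures carry the reason "invalid password".
_H = "[ip=192.0.2.10;oip=198.51.100.7;via=Microsoft Office 365/15.20.7962.17,192.0.2.10(nginx/1.20.2);ua=Zimbra/24.1.0;cid=1;]"
_S = "[ip=192.0.2.10;oip=203.0.113.20;ua=ExampleClient/1.0;cid=2;]"
_A = "security - cmd=Auth; account=user@example.com;"
SAMPLE = f"""\
2024-09-12 21:39:50,000 INFO [ImapServer-77] {_H} {_A} protocol=imap;
2024-09-12 21:40:02,101 WARN [ImapServer-77] {_H} {_A} protocol=imap; error=authentication failed for [user@example.com], invalid password;
2024-09-12 21:40:20,514 WARN [qtp-12] {_S} {_A} protocol=soap; error=authentication failed for [user@example.com], invalid password;
2024-09-12 21:40:44,230 WARN [ImapServer-78] {_H} {_A} protocol=imap; error=authentication failed for [user@example.com], invalid password;
2024-09-12 21:41:25,902 WARN [ImapServer-78] {_H} {_A} protocol=imap; error=authentication failed for [user@example.com], invalid password;
2024-09-12 21:42:41,774 WARN [ImapServer-78] {_H} {_A} protocol=imap; error=authentication failed for [user@example.com], account lockout;
2024-09-12 21:43:28,267 WARN [ImapServer-80] {_H} {_A} protocol=imap; error=authentication failed for [user@example.com], account lockout;
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \w+ +\[[^\]]*\] \[(?P<ctx>[^\]]*)\] "
    r"security - cmd=Auth; account=(?P<account>[^;]+); protocol=(?P<protocol>[^;]+); "
    r"error=authentication failed for \[[^\]]*\], (?P<reason>[^;]+);"
)

def parse(line):
    """Return a dict for a failed-auth line, or None for anything else."""
    m = LINE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    for field in ev.pop("ctx").split(";"):  # ip=..;oip=..;via=..;ua=..;cid=..;
        key, sep, value = field.partition("=")
        if sep:
            ev[key] = value
    return ev

def lockout_causes(lines):
    """Per account: Counter of (oip, protocol) failures seen before the first lockout line."""
    pending, causes = {}, {}
    for ev in filter(None, map(parse, lines)):
        acct = ev["account"]
        if acct in causes:
            continue  # already locked: later "account lockout" lines are symptoms, not causes
        if ev["reason"] == "account lockout":
            causes[acct] = pending.pop(acct, Counter())
        else:
            src = (ev.get("oip", ev.get("ip")), ev["protocol"])
            pending.setdefault(acct, Counter())[src] += 1
    return causes
```

To run it against a real server, pass the lines of /opt/zextras/logs/audit.log to `lockout_causes`; an empty counter for an account means the log window starts after the lockout and an older log file is needed.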
First, I would like to thank you for your prompt response. We have confirmed that no phones or laptops are connected to their accounts, as we have restricted email server access from outside the office premises for the users experiencing these issues.
The immediate logs indicate that the lockouts are occurring due to incorrect passwords.
I will proceed with upgrading our Carbonio Clusters and check if this resolves the issue. If not, I will follow up here. Thank you.
You have a "cluster"?
Do you have several LDAP servers? If yes, have you checked they are correctly synced together?
Yes, @Klug, we have LDAP clusters in place, and their replications are fully synchronized. Numerous applications utilize these LDAP clusters, and they are functioning without any issues.
Numerous applications are using your Carbonio LDAP cluster?
Are you sure of that?
Because this is not what should be done (Carbonio LDAP is not supposed to be the main directory for your organization and used by other apps).
Do you have a Carbonio LDAP cluster or a global LDAP cluster?
In the second case, how is the authorization set up for the domain of the user with the password issue?
Did you disable local auth fallback in Carbonio?
How/where did you change the user's password (Carbonio or global LDAP)?
I believe there's been a misunderstanding. I was referring to our own LDAP, not Carbonio. We've been using our LDAP clusters, which authenticate our Carbonio users for successful login. It seems the discussion has shifted from the original topic. We manage password changes through SSO, and this setup has been in place since we started using Zimbra, approximately 10 years ago, without any issues.
OK, so we just learnt you're using SSO.
While you said the passwords were updated in Outlook (thus, no SSO).
Are you sure you set up Carbonio auth the same way you did with Zimbra (fallback, etc)?
There is too much information lacking about your setup to help you.
I understood your point of view. Yes, there are no issues with LDAP authentication. We don't have any issues with other Carbonio users, which I clearly mentioned, meaning there are no issues with LDAP authentication. I told you that some Carbonio users' emails are configured in Microsoft Outlook, where the current passwords were updated correctly. In MS Outlook, you cannot update the passwords automatically, right?