Hallo,
bei dem Versuch, das Konto von Benutzern nach drei fehlerhaften Anmeldeversuchen zu sperren, ist mir aufgefallen, dass diese Sperrung offensichtlich nur für Windows Clients greift. Eine Anmeldung an einem Debian-Linux Client via ssh ist möglich.
Es sind folgende Eintragungen in der Univention Registry vorgenommen worden:
auth/faillog: yes
auth/faillog/limit: 3
auth/faillog/lock_global: yes
auth/faillog/root:
auth/faillog/unlock_time: 180
Der Befehl univention-app info liefert:
UCS:4.3-2 errata 229
Installed: Cups=2.2.1 dhcp-server=12.0 kde=5.8 nagios=4.3 radius=5.0 samba4=4.7
Es folgt ein Auszug aus der /var/log/auth.log des Debian Clients:
## = Eingefügte Kommentare
##Richtiges password(Konto in UMC noch nicht gesperrt):
Oct 2 11:22:51 debian2 sshd[1834]: pam_krb5(sshd:auth): user testuser authenticated as testuser@example.com
Oct 2 11:22:51 debian2 sshd[1834]: Accepted password for testuser from 192.168.4.46 port 36101 ssh2
Oct 2 11:22:51 debian2 sshd[1834]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
Oct 2 11:22:51 debian2 systemd-logind[1079]: New session 9 of user testuser.
Oct 2 11:22:51 debian2 systemd: pam_unix(systemd-user:session): session opened for user testuser by (uid=0)
##Abmelden vom Client:
Oct 2 11:23:03 debian2 sshd[1834]: pam_unix(sshd:session): session closed for user testuser
Oct 2 11:23:03 debian2 systemd-logind[1079]: Removed session 9.
##Dreimal falsches password beim Anmelden am Linux Client:
Oct 2 11:23:45 debian2 sshd[1866]: pam_krb5(sshd:auth): authentication failure; logname=testuser uid=0 euid=0 tty=ssh ruser= rhost=192.168.4.46
Oct 2 11:23:45 debian2 sshd[1866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.4.46 user=testuser
Oct 2 11:23:45 debian2 sshd[1866]: pam_ldap(sshd:auth): Authentication failure; user=testuser
Oct 2 11:23:46 debian2 sshd[1866]: Failed password for testuser from 192.168.4.46 port 36102 ssh2
Oct 2 11:23:49 debian2 sshd[1866]: pam_krb5(sshd:auth): authentication failure; logname=testuser uid=0 euid=0 tty=ssh ruser= rhost=192.168.4.46
Oct 2 11:23:49 debian2 sshd[1866]: pam_ldap(sshd:auth): Authentication failure; user=testuser
Oct 2 11:23:51 debian2 sshd[1866]: Failed password for testuser from 192.168.4.46 port 36102 ssh2
Oct 2 11:23:54 debian2 sshd[1866]: pam_krb5(sshd:auth): authentication failure; logname=testuser uid=0 euid=0 tty=ssh ruser= rhost=192.168.4.46
Oct 2 11:23:54 debian2 sshd[1866]: pam_ldap(sshd:auth): Authentication failure; user=testuser
Oct 2 11:23:56 debian2 sshd[1866]: Failed password for testuser from 192.168.4.46 port 36102 ssh2
Oct 2 11:23:56 debian2 sshd[1866]: Connection closed by 192.168.4.46 port 36102 [preauth]
Oct 2 11:23:56 debian2 sshd[1866]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.4.46 user=testuser
##Ab hier ist das Konto in der UMC gesperrt:
##Richtiges Password am Linux Client:
Oct 2 11:24:35 debian2 sshd[1868]: pam_krb5(sshd:auth): authentication failure; logname=testuser uid=0 euid=0 tty=ssh ruser= rhost=192.168.4.46
Oct 2 11:24:35 debian2 sshd[1868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.4.46 user=testuser
Oct 2 11:24:35 debian2 sshd[1868]: Accepted password for testuser from 192.168.4.46 port 36103 ssh2
Oct 2 11:24:35 debian2 sshd[1868]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
Oct 2 11:24:35 debian2 systemd-logind[1079]: New session 11 of user testuser.
Oct 2 11:24:35 debian2 systemd: pam_unix(systemd-user:session): session opened for user testuser by (uid=0)
##Abmelden:
Oct 2 11:24:42 debian2 sshd[1868]: pam_unix(sshd:session): session closed for user testuser
Oct 2 11:24:42 debian2 systemd-logind[1079]: Removed session 11.
Mein Ziel ist das Sperren das Benutzerkontos für alle Arten der Anmeldung, also egal ob man sich von einem Windows oder einem Linux Client anmelden möchte.
Wo liegt das Problem?
Hello,
while trying to lock users’ accounts after three failed login attempts, I’ve noticed that this lock seems to work only for Windows clients. It is possible to log into a Debian Linux client via ssh.
The following entries have been made in the Univention Registry:
auth/faillog: yes
auth/faillog/limit: 3
auth/faillog/lock_global: yes
auth/faillog/root:
auth/faillog/unlock_time: 180
The command univention-app info leads to:
UCS:4.3-2 errata 229
Installed: Cups=2.2.1 dhcp-server=12.0 kde=5.8 nagios=4.3 radius=5.0 samba4=4.7
My goal is to lock the user account for all types of login, so whether you want to log in from a Windows or a Linux client.
Where is the problem?
Vielen Dank
Jan-Peter