[SOLVED] Big Problem (locked out admin account)

[tgx]

Something happened to my 5.0.0 GA install today.
I have been using this server for about 6 months now starting
with RC1. I have run fresh installs with each rev.

Originally I had created an admin user and a backup account
that also had admin privileges. Both have complex passwords.
Today, both of my admin accounts are disabled. I am still able
to access as a normal user. I am the only IT person at this
location and nobody else has the passwords. What can I look
at to get back into the system?

[jholder]

Do you have a failed login policy? You should check that.

In any case, you can create a new temp admin by running:

zmprov ca temp@mail.domain.com pass123 zimbraIsAdminAccount TRUE

[tgx]

Thanks for the quick reply I am working on it now.
The thing is nothing changed from last night to this morning
unless there was some sort of failure or exploit.

**UPDATE**
Was a login failure problem from Kmail. Account was locked.
No idea why the admin account would not login. Will try
resetting it's password.

[jholder]

Well, in 5.0, there is a known expoit it jetty, but you can't gain admin privs that way. You can only view a directory that you're not supposed to...but there's nothing important in it anyway. So it really won't affect you.

You should check your /opt/zimbra/log/audit.log

[jholder]

PS it's fixed in 5.0.1

[tgx]

Thx. I updated since it was on my to-do list anyway.
I don't think it was an exploit just a series of unfortunate events.
A nice firedrill.