Results 1 to 6 of 6

Thread: [SOLVED] Big Problem (locked out admin account)

  1. #1
    tgx's Avatar
    tgx
    tgx is offline Elite Member
    Join Date
    Mar 2006
    Posts
    300
    Rep Power
    9

    Default [SOLVED] Big Problem (locked out admin account)

    Something happened to my 5.0.0 GA install today.
    I have been using this server for about 6 months now starting
    with RC1. I have run fresh installs with each rev.

    Originally I had created an admin user and a backup account
    that also had admin privileges. Both have complex passwords.
    Today, both of my admin accounts are disabled. I am still able
    to access as a normal user. I am the only IT person at this
    location and nobody else has the passwords. What can I look
    at to get back into the system?

  2. #2
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Do you have a failed login policy? You should check that.

    In any case, you can create a new temp admin by running:

    zmprov ca temp@mail.domain.com pass123 zimbraIsAdminAccount TRUE

  3. #3
    tgx's Avatar
    tgx
    tgx is offline Elite Member
    Join Date
    Mar 2006
    Posts
    300
    Rep Power
    9

    Default

    Thanks for the quick reply I am working on it now.
    The thing is nothing changed from last night to this morning
    unless there was some sort of failure or exploit.

    **UPDATE**
    Was a login failure problem from Kmail. Account was locked.
    No idea why the admin account would not login. Will try
    resetting it's password.
    Last edited by tgx; 01-18-2008 at 09:52 AM.

  4. #4
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Well, in 5.0, there is a known expoit it jetty, but you can't gain admin privs that way. You can only view a directory that you're not supposed to...but there's nothing important in it anyway. So it really won't affect you.

    You should check your /opt/zimbra/log/audit.log

  5. #5
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    PS it's fixed in 5.0.1

  6. #6
    tgx's Avatar
    tgx
    tgx is offline Elite Member
    Join Date
    Mar 2006
    Posts
    300
    Rep Power
    9

    Default

    Thx. I updated since it was on my to-do list anyway.
    I don't think it was an exploit just a series of unfortunate events.
    A nice firedrill.
    Last edited by tgx; 01-18-2008 at 10:31 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Allow single account to be domain admin over multiple domains
    By peter@mxtoolbox.com in forum Administrators
    Replies: 2
    Last Post: 03-19-2008, 12:36 PM
  2. [SOLVED] Upgraded to 5.0 OSS - Sendmail Problem
    By Chewie71 in forum Installation
    Replies: 11
    Last Post: 12-28-2007, 07:07 PM
  3. Two server locked account problem
    By lfasci in forum Administrators
    Replies: 1
    Last Post: 04-23-2007, 01:57 PM
  4. Problem sending mail from another account in Outlook
    By UTSCSE in forum Zimbra Connector for Outlook
    Replies: 4
    Last Post: 01-25-2007, 05:50 PM
  5. restore admin account
    By preem in forum Administrators
    Replies: 2
    Last Post: 01-19-2007, 07:56 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •