Thursday, September 29, 2011

User unable to login to Astaro User Portal

I recently set up some of the lab staff for access to their remote database through an SSL VPN using the awesome Astaro Security Gateway.

One of the users was having some problems logging in to the user portal, though, to change their password. It turns out I gave them the wrong password initially, but even with the correct password they still weren’t able to log in.

I entered the WebAdmin and checked the Logging & Reporting -> View Log Files -> User authentication daemon log. I could see the user's attempts to log in, shown as:

2011:09:29-13:19:48 secure aua[5336]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="x.x.x.x" user="smithjohn" caller="portal" reason="Too many failures from client IP, still blocked for 363 seconds"

I hadn’t seen this before. This is a really good thing to prevent brute force or automated attacks at guessing the user's password. However, in this case we didn’t want to wait the 6 1/2 minutes to try again.

Under the Management -> WebAdmin Settings -> Security, I temporarily changed the values that block the authentication to:

 
After 30 attempts
block access for 3 seconds

The user was then able to log in to the user portal, change their password and log out. I then changed the values back to the following:

 
After 3 attempts
block access for 300 seconds
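
To see who is currently locked out without loosening the limits, the "still blocked for N seconds" entries can be pulled out of the authentication daemon log and turned into an unblock time per client IP. The script below is an added example, not part of the original post or of Astaro's tooling; the sample lines are constructed in the format of the entry quoted above, and the function names, IP addresses, second user and "Wrong password" reason text are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines modelled on the log entry quoted in the post.
# IPs are documentation addresses; the last line's reason text is made up.
SAMPLE_LOG = '''\
2011:09:29-13:19:48 secure aua[5336]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.0.2.10" user="smithjohn" caller="portal" reason="Too many failures from client IP, still blocked for 363 seconds"
2011:09:29-13:20:05 secure aua[5336]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.0.2.10" user="smithjohn" caller="portal" reason="Too many failures from client IP, still blocked for 346 seconds"
2011:09:29-13:21:10 secure aua[5336]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="198.51.100.7" user="doejane" caller="portal" reason="Wrong password"
'''

LINE_RE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ aua\[\d+\]: (.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
BLOCK_RE = re.compile(r'still blocked for (\d+) seconds')

def parse_line(line):
    """Return the key="value" fields of one aua line plus a parsed timestamp."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not an aua line, or truncated
    fields = dict(FIELD_RE.findall(m.group(2)))
    fields["time"] = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
    return fields

def blocked_clients(log_text):
    """Map each blocked source IP to its users, hit count and unblock time."""
    result = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or ev.get("name") != "Authentication failed":
            continue
        m = BLOCK_RE.search(ev.get("reason", ""))
        if not m:
            continue  # an ordinary failure, not a lockout
        # The reason text says the block is per client IP, so key on srcip:
        # several users behind one address are locked out together.
        entry = result.setdefault(ev.get("srcip", "?"),
                                  {"users": set(), "hits": 0, "unblock_at": ev["time"]})
        entry["users"].add(ev.get("user", "?"))
        entry["hits"] += 1
        until = ev["time"] + timedelta(seconds=int(m.group(1)))
        entry["unblock_at"] = max(entry["unblock_at"], until)
    return result

if __name__ == "__main__":
    for ip, info in blocked_clients(SAMPLE_LOG).items():
        print(ip, sorted(info["users"]), info["hits"], "blocked until", info["unblock_at"])
```

A rising hit count from one address while it is still blocked usually means a client or script is retrying automatically rather than a person mistyping a password.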
