We seem to be having issues with our auth servers where every now and then the account being used for netdb is being locked out.
I think what is happening is that multiple login failures are occurring in a short period and the auth server locks the account.
Question #1:
Is there a way to have netdb STOP using an account if it fails x number of times?
Question #2:
Is there a way to have netdb alert me that the login is failing?
Gene
I’m just getting back into the office. Netdb can put a heavy load on your auth servers no doubt, but on a per switch basis, it only tries two logins. It will try the primary login, and if that fails, it will fall back to local authentication. If both fail, it should report that to the /var/log/netdb/control.log. If you increase the debugging level to 1 in /etc/netdb.conf, I believe you should see when the primary login fails and it tries reverting to the fallback authentication.
So I would try increasing the debug level for now and then try to correlate an event with the account lockouts. Perhaps some devices are having trouble reaching the auth server or somehow causing failed logins on that account, leading to the account getting locked out from all devices. Hopefully the logging should help show this.
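One way to do the correlation suggested in the reply above, as an added example that is not part of the thread or of NetDB's own code: it scans log text for bursts of primary-login failures that could trip an account lockout and names the devices involved. The log line format, device names, threshold and window are assumptions, since the thread does not show what control.log looks like.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample lines. The real control.log layout is not shown in the
# thread, so this timestamp/message format is an assumption; adjust LINE_RE.
SAMPLE_LOG = """\
2024-03-01 02:00:05 sw-a1: primary login failed, trying fallback authentication
2024-03-01 02:00:09 sw-a2: primary login failed, trying fallback authentication
2024-03-01 02:00:14 sw-a3: primary login failed, trying fallback authentication
2024-03-01 02:00:15 sw-b1: login ok
2024-03-01 02:45:00 sw-a1: primary login failed, trying fallback authentication
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<dev>\S+): primary login failed"
)


def find_bursts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return (start, end, devices) for every run of at least `threshold`
    primary-login failures that falls inside `window`.

    `threshold` should sit at or below the auth server's lockout count so a
    burst is flagged before (or as) the account locks.
    """
    recent = deque()  # (timestamp, device) of failures still inside the window
    bursts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        recent.append((ts, m["dev"]))
        while ts - recent[0][0] > window:  # drop failures older than the window
            recent.popleft()
        if len(recent) >= threshold:
            bursts.append((recent[0][0], ts, sorted({d for _, d in recent})))
            recent.clear()  # report each burst once, then start counting again
    return bursts


if __name__ == "__main__":
    for start, end, devices in find_bursts(SAMPLE_LOG):
        print(f"{start} .. {end}: {len(devices)} device(s) failed primary login: {devices}")
```

Comparing the burst timestamps with the lockout times recorded on the auth server shows whether the lockouts follow failures from a particular group of devices.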
It turned out to be a network problem that resulted in mucho ARPs on the VLAN where the netdb server is, and the ARPs were inhibiting communication.
Once the issue was resolved, authentication is working fine.