× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Wow, getting warmer.
The IP address points to our DEV partition.
Mmmmm.

Yours truly,

Glenn Gundermann
Email: glenn.gundermann@xxxxxxxxx
Work: (416) 675-9200 ext. 89224
Cell: (416) 317-3144


On 24 July 2015 at 13:12, <rob@xxxxxxxxx> wrote:

Was there an IP address in the audit journal?
F10=Display only entry details
...
Job . . . . . . . . : 710475/QTCP/QTFTP00065
...
Remote address . . . : 10.10.8.237

NSLOOKUP HOSTNAME('10.10.8.237')
237.8.10.10.in-addr.arpa name = gdl164.dekko-1.

Hey, GDL164 is my laptop! :-)


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: Glenn Gundermann <glenn.gundermann@xxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 07/24/2015 01:01 PM
Subject: Re: What is causing a user profile to be disabled?
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



Thanks Gary, this was very useful.
This confirms it is happening from an FTP job.


From job . . . . . . . . . . . : QTFTP00026

User . . . . . . . . . . . . : QTCP

Number . . . . . . . . . . . : 673856


I fouind three jobs that ran 5 minutes apart and each one had an invalid
password. The third job disabled the user profile.


How can I find who/what is submitting these jobs?

A WRKJOB on any of these jobs tells me nothing.


Thanks again for all assistance.



Yours truly,

Glenn Gundermann
Email: glenn.gundermann@xxxxxxxxx
Work: (416) 675-9200 ext. 89224
Cell: (416) 317-3144


On 24 July 2015 at 12:03, Monnier, Gary <Gary.Monnier@xxxxxxxxx> wrote:

Have you checked QAUDJRN for password failure entries? Use journal code
T
entry type PW. Position 1 in the entry specific data shows the
violation
type and starting in position 2 is the user profile job user where the
failure occurred. You can find the complete layout in appendix F of the
security reference manual.

Types of failures are...

A APPC bind failure.
C User authentication with the CHKPWD command failed.
D Service tools user ID name not valid.
E Service tools user ID password not valid.
P Password not valid.
Q Attempted signon (user authentication) failed because user profile is
disabled.
R Attempted signon (user authentication) failed because password was
expired.
This audit record might not occur for some user authentication
mechanisms.
Some authentication mechanisms do not check for expired passwords.
S SQL Decryption password is not valid.
U User name not valid.
X Service tools user ID is disabled.
Y Service tools user ID not valid.
Z Service tools user ID password not valid

Gary Monnier

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Glenn Gundermann
Sent: Friday, July 24, 2015 7:59 AM
To: Midrange Systems Technical Discussion
Subject: What is causing a user profile to be disabled?

Hi folks,

Is there a way to find out what is causing a user profile to be
disabled?

I suspect it's an FTP process from another server that is causing this.

When I press Help on CPF1393 in QHST, there is very little information.
device *N
network address *N
subsystem QSYSWRK

This is happening several times each day. What's funny is that nobody
is
complaining about a process not working but obviously if they have the
wrong password something has got to be failing.

Any guidence would be appreciated.

Yours truly,

Glenn Gundermann
Email: glenn.gundermann@xxxxxxxxx
Work: (416) 675-9200 ext. 89224
Cell: (416) 317-3144
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.