- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: Are all terminals connected to Terminal Server...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-22-2010 06:24 AM
тАО02-22-2010 06:24 AM
we have recently merged 3 clusters into one big cluster (albeit with separate sysuafs). Users are complaining more about being locked out. I understand that when a user is locked out of SERVER 1, he is locked out from all servers in the cluster for 10 minutes.
But is this the case?? :
We have 5 terminals connected via one terminal server. When a user locks out of one terminal, it appears all 5 terminals are locked??
Thanks
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-22-2010 06:51 AM
тАО02-22-2010 06:51 AM
Re: Are all terminals connected to Terminal Server locked out
What, exactly, does that mean?
Is "SERVER 1" a terminal server, or a
computer, or what?
It might help if you showed actual commends
with their actual output, so that we could
see what's happening, instead of trying to
interpret what's happening for us.
> Users are complaining more [...]
So, this phenomenon, whatever it is, is not
new, but only worse?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-22-2010 07:00 AM
тАО02-22-2010 07:00 AM
Re: Are all terminals connected to Terminal Server locked out
Locked out - They are showing in the VMS break-in database and have to be removed by "dele/intru"
eg :
Intrusion Type Count Expiration Source
--------- ---- ----- ---------- ------
NETWORK SUSPECT 1 22-FEB-2010 14:59:03.50 belflsh-shop-ts01::TELNET_AC19A31B
When one user is locked out, all other 5 terminals which run off the same terminal server are locked out.
Is there a way to stop this - ie - only the one terminal is locked and not all 5.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-22-2010 07:19 AM
тАО02-22-2010 07:19 AM
Re: Are all terminals connected to Terminal Server locked out
As for another approach that might be assumed feasible here, http://openvms.hobby-site.com/pivot/entry.php?id=55
I'll assume you know that multiple UAFs and the rest of the shared files within a cluster must be synchronized, or things can and variously do get seriously wacky. The files are listed in SYLOGICALS.TEMPLATE in V7.2 and later.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-22-2010 07:22 AM
тАО02-22-2010 07:22 AM
Re: Are all terminals connected to Terminal Server locked out
This is a well known side-effect of an intended reaction.
It is NOT the user that is locked out, it is the Terminal Server.
Look at the locked out username: TELNET_AC19A31B
Convert AC.19.A3.1B, each 2 hex digets, to decimal, and you get 172.25.171.27.
And that would be your terminal server, I bet.
I do not know of a way to get around this, but I would LOVE to read how it can be done.
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-22-2010 07:40 AM
тАО02-22-2010 07:40 AM
Re: Are all terminals connected to Terminal Server locked out
> be done.
Use LAT? I know nothing, but I gather that:
LAT is tracked back to the originating
port based on the contents of the
TT_ACCPORNAM field.
http://h71000.www7.hp.com/doc/732final/aa-q2hlg-te/00/00/69-con.html
If true, then this might be a little more
selective than using the IP address.
I can't help but wonder why legitimate users
are getting flagged as intruders so
frequently as to cause a problem. Bad
password policy?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-22-2010 08:20 AM
тАО02-22-2010 08:20 AM
Re: Are all terminals connected to Terminal Server locked out
Will test changing this to see if there is any difference.
We dont use LAT anymore - most users have access via PCs, but there are a few terminals knocking about, connected to the one Terminal Server, and as mentioned earlier, when one terminal has an intrusion record, all other terminals are locked out.
Will let you know if this works,
thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-22-2010 08:20 AM
тАО02-22-2010 08:20 AM
Re: Are all terminals connected to Terminal Server locked out
There are approaches that are based on site-local heuristics that tend to do rather better in this area than brute-force mechanisms, but even these are far from a panacea. You'd have to port some of this stuff, but there's Python around if you wanted to have a look at something similar to DenyHosts.
http://labs.hoffmanlabs.com/node/1138
http://labs.hoffmanlabs.com/node/689
Best to punt on this and look at your authentication model; to not try digging a comparatively bad hole deeper.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-22-2010 09:04 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-22-2010 09:11 AM
тАО02-22-2010 09:11 AM
Re: Are all terminals connected to Terminal Server locked out
that definately looks like something - will test this tomorrow.