passwords gone bad

[ctmedina]

Hey I had this strange thing happen. Maybe someone can shed some light. I do not want to complain about Mitel vendors/resellers/ whatever, but I am just laying out the facts...

We installed a 3300 system about 2 years ago. From the start the installer changed the default password and did not give us the password. We tried in vain to get it and everntually the system was locked out. I am sure you guys are familiar with being locked out of a mitel 3300. Finally after months with going back and forth with our reseller they ate the cost of Mitel unlocking it and we were given some password. It did have root access so that is fine.

(I know you guys that do this for a liviing, actual techs I mean. Might disagree with me. I am an end user I guess. Not sure where everyone falls on this forum. I am not certified by Mitel or have ever had any formal training from Mitel. I still want to have access to what I am buying even though someone else is supporting it. But more and more I find myself supporting it and only...well that is a long post I will not get into right now)

Back to the story. We have not had to log into this system for a while since it was running hunky-dory! Then we had some problems, dead air when calling in and not being able to dial out. Sounds more like a line problem, but our reseller sent a ticket to the local vendor to investigate. The system has analog lines by the way. So the tech goes out, he is not able to log into the system becasue it is not the default. So he leaves. Next day I follow up and have to send them back over there. At this point I log into the system poke around. I do not see anything wrong so I wait. Next day tech gets there and says I cant login! I had previously provided the same credentials I used to login the day before. Still he was not able to log in?

Has anyone ever had a password get corrupt? I have another non-root account that I am still able to login with. What can I look at to see if the password was changed?

Any suggestions?

Carlos

[bobcheese]

you can look at maintenance logs to see if someone logged into the system and see what username was used when they logged in.

[ralph]

ctmedina,
I assume you are not on site when he tries to log in.   Is he calling you from site or from his remote center?
If he is on site and you are remote, while he is still there see if you can log in with the same username and password he has.


General discussion:
I work for a vendor.  Password control is something I'm actually studing now.   In general, we believe that the customer bought the system and should own the password.   But the question is, what happens if a switch is under maintenace contract and the customer messes something up?   In our case, we have hundreds of systems in the field and generally experience has shown that isn't a major problem.  It happens.  We might bill the customer (might not too) to fix it but usually we don't have that kind of problem.   We expect the end customer to be able to do their own basic MAC if they want to.  We'll even come out and train the admin.  Usaully if a mistake is made we explain what happened and how to do it right the next time all under contract.

But password control bring up a big issue.   Who is repsonsible if a password get's released into the wild?  Will the end user blame the vendor?  The passwords don't have to be the same but...

Just some of my thoughts on what I'm working on now.

Ralph

[ctmedina]

Thanks for the replies.

I am not onsite and I have tried to use the same credentials and I cannnot log in now even though I could just a couple of days ago. I fully agree that if I (or any owner) totally hose the system becasue of ignorance or malice then even if it is under contract the owner should pay for extra time parts to replace.

A good analogy is if you buy car and you go in and remove the raditor cap on purpose. I do not think the dealer would look the hood so you wont be able to do it again! I know itis a bad analogy.

This is freakin crazy! I just tried it and I can log in with the original credentials. I am exporting the log so I can analyze it in excel...I recenty discovered conditional formatting and now I do it whenever I have an excuse to! But that is for another forum!

I will post what I find out.

Carlos

[ctmedina]

I attached a screen cap of my color coded log. This shows the login attempts by the local guy! He freakin locked the account out!

I could have sworn I have gotten a specific message saying the account yada yada is locked out. So at least I am not going crazy and this guy is not trying to mess with me. He just does not know how to read...

Thanks for the input. I hope someone finds this helpful someday.

Carlos

[ctmedina]

What does "System Data Synchronization Administration" mean in the login/logout audit log?

Carlos Medina

[ralph]

It means your 3300's are talking to each other to update each others data bases.

Ralph

[ctmedina]

Hmmm, but the source IP is not from one of the other 3300s. The IPs are from different DHCP addresses. Not even addresses assigned to phones. To actual PCs? Some are from my station? Does that make sense?

Carlos Medina

[v2win]

If you are talking about the first four lines on your screen shot?

If you look in the login ID column it says the user id that was logged in.

It is not the SDS account.

[ctmedina]

Actually out of curiousity I pulled the log from my Mxe system and I am seeing the entries in there.

Username is system and it is coming from several different IPs.

Carlos

[v2win]

What are the IP that its coming from?

OpsManager
PrairieFyre
Admin Consoles?

[ctmedina]

They are just DHCP addresses. What I am thinking is maybe when our Mitel guy comes in he backs up the 3300 before we make any changes or upgrades. I looked in our DNS and I do not show those IPs in there any more.

Our PF server, Ops Man, and Admin console all have static IPs.

Hmmmmm, the mystery continues. I will keep looking and post what I find.

Carlos

[v2win]

Try looking in your DHCP server under active leases. It should have the machine name and other info that might help you out.