Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
462
Views
0
Helpful
1
Replies

PAM user error on ids 4235 Version 4.1(5)S190

garyprice
Level 1
Level 1

‎09-12-2005 05:24 AM - edited ‎03-10-2019 01:37 AM

this is error message

Sep 9 14:34:30Sep 9 14:34:31 Defiant pam_tally[1321]: pam_tally: pam_get_uid; no such user "sensor name"

it is occuring every minute.

any ideas?

Labels:
0 Helpful
1 Reply 1

a.arndt
Level 3
Level 3

‎09-13-2005 05:06 AM

I can only hazard a guess. It looks like something is trying to login in to your sensor, and it is most likely automated.

Is it possible that some kind of network management system is probing your system? Do you have TELNET enabled? WhatsUp from Ipswitch is known to tickle telnet servers with a generic account, I believe, in order to determine the status of the server (up or down)…

Another possibility is that you have a RDEP / SDEE client with a misconfigured username (read: typo) trying to access alarms on the sensor.

Have you sniffed your Command and Control interface to see what the offending packets look like?

Alex Arndt

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card