https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551281#M28131 tarek-<BR /><BR />while you're in there, take a look at why the account was disabled (password expire, etc). you might want to change this at the same time so that you don't have to do it again later (since it's a bit of a pain to deal with root being disabled). Just a thought.<BR /><BR />Mark Wed, 11 Jul 2001 12:11:42 GMT Mark Vollmers 2001-07-11T12:11:42Z https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551277#M28127 Hi all,<BR />i'm trying to telnet to a ws, but while i'm putting the password i have the error:<BR />Account is disabled -- See Account Administrtator<BR />Is it possibile to enter again remotely without going to the ws personally??<BR />Thanks<BR /><BR /><BR /> Wed, 11 Jul 2001 10:47:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551277#M28127 Tarek 2001-07-11T10:47:53Z https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551278#M28128 If the account is disabled the only way to fix is to log into the workstation or onto its console and reset the account which is disabled. If its root then you will need to reboot it in single user mode to reset. Wed, 11 Jul 2001 11:22:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551278#M28128 Stefan Farrelly 2001-07-11T11:22:09Z https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551279#M28129 Hi <BR /><BR />there is 2 option for thisd problem .<BR /><BR />1. if you system is a trusted system then<BR /><BR />If the user doesn't login and the Maximum Period of Inactivity<BR />is set back to the default, then the account remains locked.<BR />SAM will not reactivate an account that has been deactivated due<BR />to the Maximum Period of Inactivity being exceeded. SAM indicates<BR />the account is being reactivated for the last login time has expired,<BR />but the reactivate/deactivate action always stays at reactivate.<BR /><BR />When this problem occurs it may be due to the user never logging<BR />in since the system was trusted. After using SAM or<BR />/usr/lbin/modprpw -k to reactivate the account, executing getprpw<BR />to determine the lockout reason will always reflect lockout=0100000.<BR />For example:<BR /><BR /> /usr/lbin/getprpw -m lockout username<BR /> lockout=0100000<BR /><BR />The user may not have a field named u_suclog in their tcb database<BR />file (/tcb/files/auth/*/username) which contains the system<BR />time of the last successful login to the account.<BR /><BR />SAM and /usr/lbin/modprpw seem to only update this field to<BR />reactivate an account if the field already exists. Normally when<BR />the system is trusted the u_suclog entry should be included in<BR />the users database file. But when it isn't and the user doesn't<BR />login before the period of inactivity is exceeded, this problem<BR />occurs.<BR /><BR />To resolve this problem, do the following:<BR /><BR />1. In SAM, under General User Account Policies, disable the<BR /> user's security policy referred to as: Maximum Period of<BR /> Inactivity on Account (days).<BR /><BR />2. Reactivate the account and have the user login.<BR /><BR /> This will add the u_suclog entry to the user's database file.<BR /><BR />3. Enable the user's Maximum Period of Inactivity on Account<BR /> (days) security policy.<BR /><BR /><BR /><BR />if your system are not a trusted system i will check to see if the password is more then 8 char or you never login with the user to the system . Wed, 11 Jul 2001 11:24:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551279#M28129 eran maor 2001-07-11T11:24:37Z https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551280#M28130 Thanks both. I hadn't specified before,<BR />but i'm root user. So i will boot in single user and change the password. I thought that maybe there was another way without going personally to the place where the WS is.<BR />Thanks for your help.<BR />Tarek Wed, 11 Jul 2001 11:50:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551280#M28130 Tarek 2001-07-11T11:50:25Z https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551281#M28131 tarek-<BR /><BR />while you're in there, take a look at why the account was disabled (password expire, etc). you might want to change this at the same time so that you don't have to do it again later (since it's a bit of a pain to deal with root being disabled). Just a thought.<BR /><BR />Mark Wed, 11 Jul 2001 12:11:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551281#M28131 Mark Vollmers 2001-07-11T12:11:42Z https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551282#M28132 Thanks Mark.<BR />How can i know how was the password disabled??<BR />If there something to check?? Wed, 11 Jul 2001 12:29:27 GMT https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551282#M28132 Tarek 2001-07-11T12:29:27Z https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551283#M28133 tarek-<BR /><BR />There are a number of things that could cause root to be disabled. It could be a security thing that disables accounts that are inactive for x amount of time (this is set in SAM). It could also be that root lockup up after a number of failed attempts. It could also be that the password expired. I'd go into SAM (once you set the password) and check the aging and security. Also, the last and lastb commands will show who is logging in and failed logins (lastb for this one). If root shows up a lot in the failed log, then someone is trying to log in using that account. Good luck!<BR /><BR />Mark Wed, 11 Jul 2001 13:25:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551283#M28133 Mark Vollmers 2001-07-11T13:25:53Z https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551284#M28134 The fault of the account disabled was because of 3 bad logins. I booted in single user and changed the password, but it still didn't allow me to enter. How can i do? Thu, 12 Jul 2001 05:33:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551284#M28134 Tarek 2001-07-12T05:33:18Z https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551285#M28135 Hi,<BR /><BR />Is your system trusted??<BR /><BR />What you have done is actually changed<BR />the root password but the account remains<BR />locked. If the system is trusted you can <BR />try and unlock the account using the <BR />'modprpw' command<BR /><BR /># /usr/lbin/modprpw -k root<BR /><BR />Suggest you invest some time and install<BR />a product called 'sudo'. It can be found <BR />at the following link. This product can be used to be the root user without directly using the 'root' account and not knowing the password.<BR /><BR /><A href="http://www.courtesan.com/sudo/" target="_blank">http://www.courtesan.com/sudo/</A><BR /><BR /><BR />HTH<BR />Michael Thu, 12 Jul 2001 05:42:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551285#M28135 Michael Tully 2001-07-12T05:42:55Z https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551286#M28136 How can i know if my system is trusted or not??? Thu, 12 Jul 2001 06:08:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551286#M28136 Tarek 2001-07-12T06:08:58Z https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551287#M28137 tarek-<BR /><BR />You should be able to tell if it is in SAM (under auditing and security, I think). Of course, you need to be able to get in first. I'd try the command that Michael gave; if it is a trusted system, it should work. If not, it will probably do nothing. You can't get at the account right now, so it's not like you can screw it up. :) Also, since you now know that it locked up on bad logins, make sure that you were the one attempting to login and not one of your users who's doing stuff they shouldn't be doing. Good luck.<BR /><BR />Mark Thu, 12 Jul 2001 13:50:49 GMT https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551287#M28137 Mark Vollmers 2001-07-12T13:50:49Z https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551288#M28138 Hi Tarek,<BR /><BR />The easiest way to tell if your system is<BR />trusted or not is tee if the password <BR />encryptions in the password file. If there<BR />are then your system is not trusted. If <BR />there is an '*' in the second field then<BR />the system is trusted. As Mark has pointed<BR />out the 'modprpw' program will only work<BR />on a trusted system.<BR /><BR />Hope this clarifies things<BR /><BR />Regards<BR />Michael Thu, 12 Jul 2001 23:35:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551288#M28138 Michael Tully 2001-07-12T23:35:44Z https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551289#M28139 To find you are in a trusted system; see any files are there in /tcb directory.If the directory is not empty the system is trusted. Fri, 13 Jul 2001 15:37:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/account-is-disabled-see-account-administrtator/m-p/2551289#M28139 G.Kumar 2001-07-13T15:37:25Z