General
cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to log in to a user account

Yaroki
Super Advisor

Unable to log in to a user account

Hello,

 

I'm running an HP-UX B.11.11.

 

When trying to log in a specific account I receives an error message, and the login process terminates.

 

I can remotely connect to this account via ssh and it looks fine.

 

Please see the attached error message.

 

BR,

Yali

24 REPLIES
Dennis Handly
Acclaimed Contributor

Re: Unable to log in to a user account (CDE)

Have you tried a CDE Failsafe Session?

You can login to other users?

Yaroki
Super Advisor

Re: Unable to log in to a user account

I did. But how can I fix the problem there?
I can login to other users.
Dennis Handly
Acclaimed Contributor

Re: Unable to log in to a user account

>But how can I fix the problem there?

 

Does Failsafe Session work for that user?

 

>I can login to other users.

 

Anything special about that user's ~/.profile or ~/.Xdefaults?

Have you tried /usr/contrib/bin/X11/dr_dt?

Yaroki
Super Advisor

Re: Unable to log in to a user account

Yes, the FaailSafe session works for that user.

 

I compared the following files with other user:

~/.login ~/.profile ~/.dtprofile

The  all look the same.

 

I have already ran the scripts and fixed the following:

permissions for several files (i.e /etc/hosts was 664 -> 444)

Added the /var/adm/intsec file (was not exist)

And still I have a warning massage that I don't know how to fix as follow:

The  /  directory is not properly configured. The current configuration is:

drwxr-xr-x

owner = root

group = root

For HP CDE it should be

dr-xr-xr-x

owner = root

group = sys

 

After all the corrections I made lt is tsill impossible to log in the account.

 

Yaroki
Super Advisor

Re: Unable to log in to a user account

Any suggestions?

Matti_Kurkela
Honored Contributor

Re: Unable to log in to a user account

Google tells me that a common cause for CDE issues is the inability of the server to look up its own hostname. If the hostname resolution files like /etc/hosts, /etc/nsswitch.conf or /etc/resolv.conf have non-standard permissions, one user might have problems while other users can use CDE normally. These files should be readable by everyone, but writeable by root only.
MK
Yaroki
Super Advisor

Re: Unable to log in to a user account

That's right. I have already ran that check script, which verify the correct permissions and fixed accordingly
/usr/contrib/bin/X11/dr_dt but still can't log in.
Yaroki
Super Advisor

Re: Unable to log in to a user account

Can anyone please help here?

Dennis Handly
Acclaimed Contributor

Re: Unable to log in to a user account

Are there any logs anywhere with errors?

Do you have any evidence that the users ~/.profile was accessed (ll -u) and when?

Yaroki
Super Advisor

Re: Unable to log in to a user account

I looked at /var/adm/syslog/syslog.log and no error regarding this issue where found.

Any other log file should I look for?

 

# ll -u ~dbmgr/.profile

 

shows that the last accessed was at 3 Jan.

sudheerch
Frequent Advisor

Re: Unable to log in to a user account

Can you please provide me the .profile file...

 

Matti_Kurkela
Honored Contributor

Re: Unable to log in to a user account

I finally found my old CDE troubleshooting notes.

 

Look at ~/.dt/startlog: it is a log file that stores session startup diagnostics from the latest CDE session. Older versions of the log are stored at ~/.dt/startlog.old and ~/.dt/startlog.older. The normal startup for user "foo" should look similar to this:

 

--- Tue Jun 16 14:47:11 EETDST 2009
--- /usr/dt/bin/Xsession starting...
--- Xsession started by dtlogin
--- sourcing /home/foo/.dtprofile...
--- sourcing /usr/dt/config/Xsession.d/0010.dtpaths...
--- sourcing /usr/dt/config/Xsession.d/0020.dtims...
--- sourcing /usr/dt/config/Xsession.d/0030.dttmpdir...
--- sourcing /usr/dt/config/Xsession.d/0040.xmbind...
--- sourcing /usr/dt/config/Xsession.d/0060.srcsysenv...
--- sourcing /etc/dt/config/Xsession.d/8000.migration...
--- starting /usr/dt/bin/dthello &
--- starting /usr/dt/bin/dtsearchpath -ksh
--- starting /usr/dt/bin/dtappgather &
--- execing /usr/dt/bin/dtsession ... not sourcing /home/foo/.profile (see /home/foo/.dtprofile) 

 

 

The user in this example had a ~/.dtprofile file. The CDE reads ~/.profile only if ~/.dtprofile does not exist, or if ~/.dtprofile explicitly tells the system to read ~/.profile too.

 

One of my old notes says: "If there are 'unable to open display' errors in the ~/.dt/startlog* files, see if the user has hardcoded the DISPLAY variable to some value in ~/.dtprofile or ~/.profile." If the user logs in locally, the DISPLAY variable is provided automatically by the dtlogin process that starts the user's session.

 

There are other CDE session log files that might be useful too: ~/.dt/errorlog and the directory ~/.dt/sessionlogs/.

 

(edit: fixed the line breaks.)

MK
Yaroki
Super Advisor

Re: Unable to log in to a user account

Dear Matti,

 

Thank you for your reply.

 

I checked the log files ~/.dt/startlog and .old and there where some error messages there.

All lights direct me, as you did, to the ~/.dtprofile file.

I viewed this file and even compare it with other users including root but I found no differences.

 

Please see the attached files. 

Matti_Kurkela
Honored Contributor

Re: Unable to log in to a user account

The only error message I saw was:

touch: /ednop/dbmgr/.dt/sessionlogs/erez2_DISPLAY=8.12.4.198:3 cannot create

The rest were standard diagnostic messages.

 

But if the permissions of /ednop/dbmgr/.dt/sessionlogs/ directory allow the user to write into this directory, something else may be preventing the user from creating any files.That would definitely cause problems for the CDE session.

 

Is the user currently restricted by a disk quota? If you are not sure, this command should tell you:

quota -v <username>

 

If the disk quota is configured and the user currently has more files than the quota allows, the user cannot create any new files at all. This will cause the CDE session setup to fail. As a sysadmin, your options are to either help the user remove some unnecessary files (or store them somewhere else), or to adjust the quota to suit the user's needs (assuming that the user has a legitimate requirement for more disk space).

 

The pathname in the error message also indicates the user's home directory is not the usual /home/<username>, but /ednop/dbmgr. This sounds like a filesystem that is configured for some specific application: have you checked that the filesystem is not full?

 

The DISPLAY variable currently contains an IP address instead of a hostname. That may indicate hostname resolution issues. If you run "nslookup 8.12.4.198" on the server, the response should include a valid hostname for the system with that IP address. (Yes: it means that if the user is logging on using Reflection/X or similar from a remote workstation, the the server needs to be able to resolve the hostname of the workstation.)

 

The server also always needs to be able to resolve its own hostname. Find the IP address(es) of the server and use the nslookup command (as above) to verify that the address(es) are correctly resolvable to the server hostname ("erez2", I believe).

 

A basic X application might handle a DISPLAY variable with an IP address instead of hostname just fine, but if I recall correctly, a full CDE desktop session needs the hostname.

 

Also, the DISPLAY=8.12.4.198:3 means a 4th X display on system with the IP address 8.12.4.198, or that the X server process that actually draws the stuff on the user's display is running on port 6003. As the screenshot in your original post indicated you can see the CDE copyright messages, this is probably not an error, but just a slightly unusual configuration.

MK
Yaroki
Super Advisor

Re: Unable to log in to a user account

I might provide more information regarding this issue.

 

HP-UX is running the application here and connect to the "ednop"

 

"ednop" is a netup or a disk storage that store all data.

 

 

The users login to the system via exceed (v.14). But I checked the login to this specific user directly in front of the HP-UX machine and the same error message received.

 

In addition,  all other accounts are accessible and can be logged in via exceed.

 

 

# quota -v dbmgr

 

gives

 

Disk quota for dbmgr (uid 247) and no error or unusual message.

 

# nslookup 8.12.4.198 

can be resolved. this is my pc IP address from which I run the exceed program and communicate the HP-UX machine.

This IP address has been added to the /etc/hosts.

 

Anyways, I will backup data from dbmgr and make some more space there. 

 

BR,

Yali

 

 

Matti_Kurkela
Honored Contributor

Re: Unable to log in to a user account

> "ednop" is a netup or a disk storage that store all data.

 

So it is a separate filesystem? Is it a remote filesystem, like a NFS mount? (What does "mount | grep ednop" say?)

 

If it is a remote filesystem (e.g. NFS or CIFS), then the server that actually holds the disks may still be implementing quotas or other restrictions. Or it might have an error condition that produces a meaningful error message only on the server that has the actual disks.

MK
Yaroki
Super Advisor

Re: Unable to log in to a user account

So it is a separate filesystem? Is it a remote filesystem, like a NFS mount? (What does "mount | grep ednop" say?)

 

Yes, it is NFS mount

 

# mount | grep ednop

 

/ednop on ednop:/vol/vol0/scc soft,rsize=32768, wsize=32768, NFSv3 

 

 

> If it is a remote filesystem (e.g. NFS or CIFS), then the server that actually holds the disks may still be implementing quotas or other restrictions. Or it might have an error condition that produces a meaningful error message only on the server that has the actual disks.

 

If so, why for this specific user account only?

 

Matti_Kurkela
Honored Contributor

Re: Unable to log in to a user account

Maybe this user has a disk quota on ednop, and the rquotad daemon (the daemon that provides remote quota information to NFS clients) is not running on host ednop, or is blocked by firewalls?

 

The error message I noted previously indicates that the dbmgr user cannot create a file in a subdirectory of his home directory. That is not normal. Whatever the cause is, it might be preventing dbmgr from creating other files too. One of those files might be a file that is required for a successful CDE session.

 

Are the file permissions of the sessionlogs directory (and its parent directories) properly set, so that the dbmgr user can access his home directory, and write to files and sub-directories within it?

 

# ll -d /ednop/dbmgr/.dt/sessionlogs
# ll -d /ednop/dbmgr/.dt
# ll -d /ednop/dbmgr
# ll -d /ednop
# ll -d /

 

If possible, log in to host ednop, and verify the overall health of the filesystem /vol/vol0/scc there. Also check for disk quotas.

 

The ednop server ultimately controls what the dbmgr user can write and what it cannot. If a disk quota or some other restriction has been applied to dbmgr on that host, the restriction is probably in effect over the NFS mount too. The ednop server might be stopping the dbmgr user from creating files, but unable to report the reason of the restriction over the NFS protocol. You might get more information by checking the state of the filesystem locally.

 

If it is possible to log in to ednop as dbmgr, can you create files to /vol/vol0/scc/dbmgr/.dt/sessionlogs locally?

The answer to this question should help in locating the problem:

If you can, the problem is probably caused by something NFS-related: UID/GID mismatch, the user being a member of too many groups, etc.

If you cannot, the problem is definitely caused by something on the ednop server, probably at the filesystem level or lower.

 

If there is a localized failure of the physical disk surface, it might first appear as a filesystem corruption in an essentially random location... and over NFS, it might be apparent only as strange behavior like this.

MK
Yaroki
Super Advisor

Re: Unable to log in to a user account

Hello,

 

I found the solution.

 

That was a permission problem. Somehow, files under the home directory of different users receives NUMBERS (such as 110 or  114 or other combination of 3 digits No.) instead of the owner permission name of a specific user account.

 

In this case I changed the owner permission to dbmgr and removed the .Xauthority of the dbmgr user.

Then logged in successfully.

 

Can someone explain me why these permissions changed and how to prevent it to reoccur?

 

BR,

Yali

Dennis Handly
Acclaimed Contributor

Re: Unable to log in to a user account

>why these permissions changed and how to prevent it to reoccur?

 

(You didn't change permissions, just ownership.)

Are you using NIS?  This could happen if something goes wrong with the NIS server.

Or the permissions on /etc/passwd aren't readable by everyone.

Yaroki
Super Advisor

Re: Unable to log in to a user account

No, I am not using NIS. But It might concern to removing users'  accounts without deleting its home directories.

 

Then, something with their ownership file pass randomly to other existing user as a number.

 

But I don't know it for sure and furthermore, how to handle it...

Dennis Handly
Acclaimed Contributor

Re: Unable to log in to a user account

>But It might concern to removing users'  accounts

 

Yes, if you delete user accounts, there no longer is a passwd entry to translate the UID into a name.

Yaroki
Super Advisor

Re: Unable to log in to a user account

So, it inherited numbers instead?

 

What should I do now in order to overcome the problem? (it happens from time to time).

Dennis Handly
Acclaimed Contributor

Re: Unable to log in to a user account

No, files always have numbers.  They just don't get translated to readable names.

 

>What should I do now in order to overcome the problem?

 

If you delete a user, you need to change ownership of all of the files owned by that user.

(Or you just "*" out that user passwd entry and keep it around.)