HPE Community
Operating System - OpenVMS
1751953 Members
4981 Online
108783 Solutions
New Discussion юеВ

pathworks external authentications troubleshooting?

 
SOLVED
Go to solution
James Cordill
Advisor

тАО07-24-2008 05:51 AM

тАО07-24-2008 05:51 AM

pathworks external authentications troubleshooting?

We use pathworks only for external authentication, and every now and then it just stops working. The docs are little help in troubleshooting, they just seem to imply that you turn it on and it just works.
Details: OpenVMS v7.3-2 Alpha, PW v6.1 I think, at least that is what PWVERSION command gives.
When its not working, when one tries to login, you get the username prompt, a long pause then the password prompt that always fails to work.
No error messages in any logs, other then bad password.
Any tips, hints????
0 Kudos
7 REPLIES 7
John Gillings
Honored Contributor

тАО07-24-2008 06:00 PM

тАО07-24-2008 06:00 PM

Solution

Re: pathworks external authentications troubleshooting?

James,
The pause sounds like a network problem talking to the authentication system. Maybe a DNS translation problem? Do PING and NSLOOKUP work?

Might be interesting to try logging in at the console.
A crucible of informative mistakes
0 Kudos
Paul Nunez
Respected Contributor

тАО07-25-2008 06:54 AM

тАО07-25-2008 06:54 AM

Re: pathworks external authentications troubleshooting?

Hi James,

to troubleshoot:

$ define/system/exec sys$single_signon 80000001
$ reply/enable=security

The error could help a lot or a little.

If PATHWORKS is having problems communicating with a domain controller (you didn't indicate what role - PDC, BDC, or Member server of the PATHWORKS server) to authenticate a user, it's pretty good about logon NETLOGON messages in its System event log:

$ admin show events/full/since[=
0 Kudos
James Cordill
Advisor

тАО07-25-2008 10:25 AM

тАО07-25-2008 10:25 AM

Re: pathworks external authentications troubleshooting?

Paul, thanks for the tips. All of my VMS pathworks systems are member servers, after setting up the system logical and enabling opcom, when a user attempts to login, I see and error that indicated the userid is invalid( it not ), the error returned is:
13:21:00.16: SYS$LOGONW - ACME state = 80000005
13:21:00.16: Function = ACME$_MAP_TO_USERNAME
13:21:00.16: Attempting to map Userid "NRPE"
13:21:00.16: Userid found in SYSUAF
13:21:00.16: User does not have ExtAuth set
13:21:00.16: Username = NRPE
13:21:00.16: IOSB status follows:
13:21:00.16: %SYSTEM-S-NORMAL, normal successful completion
13:21:00.16: IOSB devdepend follows:
13:21:00.16: %NONAME-W-NOMSG, Message number 00000000

When I try the admin logon, it works fine but I did notice it logs into the bdc and not the pdc. I'll talk to the domain admin and see what he can find out in his logs.

The usuall fix it to putts around, removing and adding the node to the domain, and/or rebooting, neither is always effective, sometimes just waiting a day or two will magically fix itself. No real answer.
Again, thanks for the tips, if I can pin it down I will post the answer.
0 Kudos
Paul Nunez
Respected Contributor

тАО07-25-2008 10:36 AM

тАО07-25-2008 10:36 AM

Re: pathworks external authentications troubleshooting?

Hi James,

You stated:

...when a user attempts to login, I see and error that indicated the userid is invalid( it not ), the error returned is:
13:21:00.16: SYS$LOGONW - ACME state = 80000005
13:21:00.16: Function = ACME$_MAP_TO_USERNAME
13:21:00.16: Attempting to map Userid "NRPE"
13:21:00.16: Userid found in SYSUAF
13:21:00.16: User does not have ExtAuth set

The error returned was "User does not have ExtAuth set" or did you just post the wrong screen area?

Paul
0 Kudos
James Cordill
Advisor

тАО07-25-2008 10:57 AM

тАО07-25-2008 10:57 AM

Re: pathworks external authentications troubleshooting?

Yes, a bad posting. Here is the error:
13:56:16.70: SYS$LOGONW - ACME state = 80000005
13:56:16.70: Function = ACME$_MAP_TO_USERNAME
13:56:16.70: Attempting to map Userid "CORDILLJ"
13:56:16.70: Userid found in SYSUAF
13:56:16.70: ExtAuth is set for user
13:56:40.74: Return status from ACME map routine follows:
13:56:40.74: %ACME-E-NOSUCHUSERID, user-id does not exist or is invalid
13:56:40.74: ACME reason code = 2221
13:56:40.74: IOSB status follows:
13:56:40.74: %SYSTEM-F-INVUSER, no such user
13:56:40.74: IOSB devdepend follows:
13:56:40.74: %ACME-E-NOSUCHUSERID, user-id does not exist or is invalid
0 Kudos
Paul Nunez
Respected Contributor

тАО07-25-2008 11:39 AM

тАО07-25-2008 11:39 AM

Re: pathworks external authentications troubleshooting?

Hi,

Ok. Can't recall if PATHWORKS v6.1 only seeks out the domain PDC for extauth or if it seeks out any domain controller.

You might want to check if it can at least find the PDC:

$ @sys$startup:pwrk$define_commands
$ nbshow knbstatus

If there's no obvious NETLOGON error seen by $ ADMIN SHOW EVENTS/FULL/SINCE then you may need to resort to getting a network trace:

$ @sys$startup:tcpip$define_commands
$ tcpdump -s1518 -w a.cap port 53 or 137 or 138 or 139

Duplicate the extauth failure and then stop the trace with Ctrl+C. I think you can attach the capture file here and we can download for analysis but may want to zip it first with "-V" to retain file attributes...

Paul

Paul
0 Kudos
James Cordill
Advisor

тАО09-03-2008 07:46 AM

тАО09-03-2008 07:46 AM

Re: pathworks external authentications troubleshooting?

The problem was solved by rerunning the pwrk$config program and enabling WINS. Not sure how it got disabled, but its working now. Thanks to all who offered suggestions.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.