
Re: unable to login as root ( Account is disabled - see Account Administrator)

 
Jerry_109
Super Advisor

unable to login as root ( Account is disabled - see Account Administrator)

HP-UX fdhp31 B.11.23 U 9000/800/A500-7X
########################

$ cat /etc/passwd | grep root
root:*:0:3:root on fdhp31:/root:/sbin/sh

$ su -
Password:
Account is disabled - see Account Administrator

$ cat /etc/securetty
/dev/console
Robert-Jan Goossens
Honored Contributor
Solution

Re: unable to login as root ( Account is disabled - see Account Administrator)

Hi Jerry,

You should be able to logon from the console, use "/usr/lbin/modprpw -k root" to unlock the root account.

Regards,
Robert-Jan
Tim Nelson
Honored Contributor

Re: unable to login as root ( Account is disabled - see Account Administrator)

As mentioned.

You have two constraints.

1) direct login of root via telnet is restricted to the system console via the /etc/securetty file

2) account is disabled but the disable is overridden if login is from /dev/console.

modprpw -k root will remove the lock.

I personally do not set an expire time on my root account, I diligently change it every 30 days. (This assumes it became disabled due to expiration, not for some other reason like too many attempts.)
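An added example, not part of the original thread: on a trusted HP-UX system the reason an account is disabled can be read before unlocking it, which separates expiration from too many failed attempts. The helper below decodes the 7-character string printed by `/usr/lbin/getprpw -r -m lockout <user>`; `getprpw` is not mentioned in the thread, the bit positions follow its man page, the function names are hypothetical, and the sample strings in the comments are constructed.

```shell
#!/bin/sh
# Added example: decode the lockout string reported on a trusted system by
#   /usr/lbin/getprpw -r -m lockout <user>
# Positions, left to right, follow getprpw(1M). Typical use as root:
#   decode_lockout "$(/usr/lbin/getprpw -r -m lockout root)"

decode_lockout() {
    bits=$1
    # Expect exactly seven characters, each 0 or 1.
    case $bits in
        [01][01][01][01][01][01][01]) ;;
        *) echo "invalid lockout string: $bits" >&2; return 2 ;;
    esac
    reasons=""
    i=0
    for label in \
        "past password lifetime" \
        "past last login time (inactive account)" \
        "past absolute account lifetime" \
        "exceeded unsuccessful login attempts" \
        "password required and a null password" \
        "admin lock" \
        "password is a *"
    do
        i=$((i + 1))
        bit=$(printf '%s' "$bits" | cut -c"$i")
        if [ "$bit" = 1 ]; then
            reasons="${reasons:+$reasons; }$label"
        fi
    done
    echo "${reasons:-not locked}"
}

# modprpw -k does not clear a lock caused by a null or "*" password
# (positions 5 and 7); those need a password set instead of an unlock.
unlock_is_enough() {
    case $1 in
        [01][01][01][01]0[01]0) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples:
#   decode_lockout 0001000   -> exceeded unsuccessful login attempts
#   decode_lockout 1000010   -> past password lifetime; admin lock
```

Recording the decoded reason before running `modprpw -k` keeps a trace of why root was locked, which matters if the cause was repeated failed logins rather than expiry.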



Jerry_109
Super Advisor

Re: unable to login as root ( Account is disabled - see Account Administrator)

unable to access root via console. I can access with userid j4s9389, but cannot su - :

# telnet fdhp31c
Trying...
Connected to fdhp31c.scif.com.
Escape character is '^]'.
Local flow control off

Service Processor login: root
Service Processor password:




Hewlett-Packard Guardian Service Processor

(c) Copyright Hewlett-Packard Company 1999-2002. All Rights Reserved.

System Name: fdhp31c



[Read only - use ^Ecf for console write access.]

[bumped user - ]


GenericSysName [HP Release B.11.23] (see /etc/issue)
Console Login: root
Password:
Login incorrect

Wait for login retry: ..
login: j4s9389
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the U.S. Government is subject to
restrictions as set forth in sub-paragraph (c)(1)(ii) of the Rights in
Technical Data and Computer Software clause in DFARS 252.227-7013.


Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304 U.S.A.

Rights for non-DOD U.S. Government Departments and Agencies are as set
$ su -
Password:
Account is disabled - see Account Administrator
su: Sorry
$
Tim Nelson
Honored Contributor

Re: unable to login as root ( Account is disabled - see Account Administrator)

This looks to me that after connecting to the console you have the wrong password for "root"

GenericSysName [HP Release B.11.23] (see /etc/issue)
Console Login: root
Password:
Login incorrect


After you log in as another user and try to su you are being denied because the password for root is disabled.

Jerry_109
Super Advisor

Re: unable to login as root ( Account is disabled - see Account Administrator)

Yes, I think you are correct. Now how do I correct the problem ?
OldSchool
Honored Contributor

Re: unable to login as root ( Account is disabled - see Account Administrator)

you're probably going to have to boot into single user mode...once there you should be able to access the root account

site search is having problems, but you should find some help via google. search

root locked site:itrc.hp.com
Dennis Handly
Acclaimed Contributor

Re: unable to login as root ( Account is disabled - see Account Administrator)

>unable to access root via console.

You're accessing the machine through the GSP, not the console. I assume they are different.
Tim Nelson
Honored Contributor

Re: unable to login as root ( Account is disabled - see Account Administrator)

If you do not have access to the root password then one of two things.

1) if you have delegated shutdown privileges (some places do this for their operations staff) then reboot the system nicely to single user mode and reset root's password.

2) if no ability to shutdown nicely then you will have to crash the server via the MP TOC or reset options (or power on/off), then interrupt the boot process and boot to single user and fix the password. Shutting down any and all applications first will reduce the risk of data loss.



Norman_21
Honored Contributor

Re: unable to login as root ( Account is disabled - see Account Administrator)

The /dev/console means that you won't be able to telnet as root but it's funny this file doesn't apply to SSH so if you have SSH you should be able to login as root assuming the account is not disabled.

About the locked account. Is this a trusted system?
You should create additional rootxx as a duplicate root account level for backup or setup sudo to save you from such situations in the future.

You don't have many options my friend. Since this is an A-Class 500 System, just go to the Console and hit CTRL+B and then from the GSP prompt type "rs" and say "y".

Interrupt the system during the boot process, then boot your system into single user mode, mount the file systems and edit the password file or if this is a trusted system edit the /tcb/files/auth/r/root file to remove the lock. You could also run the commands instead of editing the files manually.

Hope this helps
"Attitudes are contagious, is yours worth catching"/ My first point was given by SEP on January 31, 2003