HPE Community
Operating System - HP-UX
1836867 Members
3804 Online
110110 Solutions
New Discussion

Account disabled - please help

 
SOLVED
Go to solution
enrico.nic
Regular Advisor

‎06-07-2005 08:28 PM

‎06-07-2005 08:28 PM

Account disabled - please help

Hi

I've just set a small password expiration policy on the hp-ux server, through sam. I remember I didn't set the option "Expire all accounts now", and after that I did a logout.
Now, and I don't understand why, every account has been disabled - not expired, disabled.
I tried to login as root from the console, but I obtain an error after giving the right password:

Console Login: root
Password:
Account is disabled but console login is allowed.
Last successful login for root: Wed Jun 8 09:10:18 MET-1METDST 2005 on conso
Last unsuccessful login for root: Wed Jun 8 10:18:22 MET-1METDST 2005 on conso
Your password has expired.
Choose a new password.
Changing password for root
Old password:
Sorry.
Login aborted due to no password.

I tried 3 or 4 times, but at the prompt "Old password" I gave the right password, at least once.

Please help
0 Kudos
Reply
13 REPLIES 13
MarkSyder
Honored Contributor

‎06-07-2005 08:32 PM

‎06-07-2005 08:32 PM

Solution

Re: Account disabled - please help

Unless someone can come up with a better idea I think you're going to have to reboot in single user mode and reset the root password.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
Reply
Joseph Loo
Honored Contributor

‎06-07-2005 08:33 PM

‎06-07-2005 08:33 PM

Re: Account disabled - please help

hi,

to enable account from console:

# /usr/lbin/modprpw -k root

however, if u have problem even accessing from console after login. u may have to reboot to single user mode and change the root password.

regards.
what you do not see does not mean you should not believe
0 Kudos
Reply
Suraj Singh_1
Trusted Contributor

‎06-07-2005 08:36 PM

‎06-07-2005 08:36 PM

Re: Account disabled - please help

Hi,

Can you logon to the system as some other user, and then su to root?

If not, then the only option i see is to boot the system in single user mode, and change the root's password.

Interrupt the boot process, interact with ISL, and give hpux -is

Regards
What we cannot speak about we must pass over in silence.
Reply
Victor BERRIDGE
Honored Contributor

‎06-07-2005 08:48 PM

‎06-07-2005 08:48 PM

Re: Account disabled - please help

Hi,
You seem to be in little trouble dear friend,
just to clarify:
What OS are you running,
We agree your system is trusted, yes?

One more point that can make a difference is there still anyone there with an open connection?

Last Who else know the root passwd?
It might look silly but I was caught once while doing some tasks on a trusted system, that someone changed the passwd WITHOUT saying anything, you can imagine what follows...

Waiting for your reply

All the best
Victor
0 Kudos
Reply
Simon Hargrave
Honored Contributor

‎06-07-2005 08:54 PM

‎06-07-2005 08:54 PM

Re: Account disabled - please help

Do you run IT/O in your environment? If so you may be able to create or use an IT/O application to run a root shell on that server to run the modprpw commands you require, without a single-user reboot.
0 Kudos
Reply
enrico.nic
Regular Advisor

‎06-07-2005 09:15 PM

‎06-07-2005 09:15 PM

Re: Account disabled - please help

Unfortunately nobody is logged in interactively.

Oracle has been shut down, from the enetrprise manager of a client.
Samba is active, but I can stop its processes through SWAT.
Webmin is active - but I think it cannot be used for a clean shutdown.

I had a "shutdown user" that could log on only from the console, but on an old machine ...


Thank you for all your suggestions

Enrico

0 Kudos
Reply
enrico.nic
Regular Advisor

‎06-07-2005 09:15 PM

‎06-07-2005 09:15 PM

Re: Account disabled - please help

Unfortunately nobody is logged in interactively.

Oracle has been shut down, from the enetrprise manager of a client.
Samba is active, but I can stop its processes through SWAT.
Webmin is active - but I think it cannot be used for a clean shutdown.

I had a "shutdown user" that could log on only from the console, but on an old machine ...

I am running HP-UX 11.11 in trusted mode.

Thank you for all your suggestions

Enrico

0 Kudos
Reply
Amit Agarwal_1
Trusted Contributor

‎06-07-2005 09:23 PM

‎06-07-2005 09:23 PM

Re: Account disabled - please help

Do you have a .rhosts entry for any user on this system. Try rlogin in that case.
0 Kudos
Reply
Mobeen_1
Esteemed Contributor

‎06-07-2005 09:26 PM

‎06-07-2005 09:26 PM

Re: Account disabled - please help

Enrico,
Since you don't have any interactive logins on your system now, i would think the best bet under the given circumstances would be to boot up your system in single user mode and follow the procedure for gaining root access as posted in some prior posts.

regards
Mobeen
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎06-07-2005 10:22 PM

‎06-07-2005 10:22 PM

Re: Account disabled - please help

The problem occured bcas your root account password age is expired. It prompted for old password but you typed wrong one. root account is disabled except console login.

Try to reboot machine in single user mode that is stop at prompt and boot as hpux -is mode.

change the passwd there and disable the lock to root account.

hth.

Easy to suggest when don't know about the problem!
0 Kudos
Reply
enrico.nic
Regular Advisor

‎06-08-2005 06:09 AM

‎06-08-2005 06:09 AM

Re: Account disabled - please help

Ok, thank you for all your replies.

I've finally followed the following steps:
- stopped Oracle, samba and mysql processes (respectively, through enterprise manager, swat and webmin)
- performed a brute shutdown
- started in single user mode
- fsck'ed and mounted all file systems
- removed and reentered the root password, re-enabled the root account (modprpw -k)
- reboot

What remains absolutely unclear for me is the answer of the system after the previous (attempted) logon:

Changing password for root
Old password:
Sorry.
Login aborted due to no password.

Again, thank you all for the prompt replies

Enrico
0 Kudos
Reply
Devesh Pant_1
Esteemed Contributor

‎06-08-2005 02:32 PM

‎06-08-2005 02:32 PM

Re: Account disabled - please help

I am hoping things are okay now. But if for some reason modprpw had issues, you could edit the /tcb/files/auth/r/root file and changed deleted everything on the line :u_pwd between the characters "=" and ":\" ( ignore the double quotes)
eg:
:u_pwd=Dafs5Dk.4fHmsdbUuNs:\ can be made

:u_pwd=:\

and after this you can easily change the password for root

thanks
Devesh
0 Kudos
Reply
Devender Khatana
Honored Contributor

‎06-08-2005 04:32 PM

‎06-08-2005 04:32 PM

Re: Account disabled - please help

Hi,

The reason for this prompt was because your system is a trusted one. Whenever you change passwd in trusted system it asks for old password. But I am also unclear about "no passwd" Did not you type old password or even after typing old password this message came ?

HTH,
Devender
Impossible itself mentions "I m possible"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.