
Re: how to fix "duplicate audit id"

 
John Kittel
Trusted Contributor

how to fix "duplicate audit id"

HP-UX 11.11, trusted.

authck tells me I have a couple accounts with duplicate audit ids. What is the proper way to fix this?

Can I just use vi to edit the proper file in the tcb and change the audit id?

For those accounts that have duplicate audit ids, in each case there are 2 accounts with the same id. I know which account I want to retain that id, and I know what the desired id is for the other account, and that that id is not in use. I know this because the system is a member of a ServiceGuard cluster, and the other cluster node is almost identical, except for this. The other node has no authck warnings. So if using vi to change the tcb file will not leave or create some other side effect, then it will be a simple matter for me to fix.

- John Kittel
10 REPLIES 10
Todd McDaniel_1
Honored Contributor

Re: how to fix "duplicate audit id"

You can use vipw...then run your pwck again or your trusted command to check /etc/passwd.

Make sure that ~home ownerships are right and file ownerships are as well.

Unix, the other white meat.
Steven E. Protter
Exalted Contributor

Re: how to fix "duplicate audit id"

A common issue after conversion to trusted:

http://forums1.itrc.hp.com/service/forums/parseCurl.do?CURL=%2Fcm%2FQuestionAnswer%2F1%2C%2C0x6fd10bce6f33d6118fff0090279cd0f9%2C00.html&admit=716493758+1080762752300+28353475

Happened to me as a matter of fact.

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=139389

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=67705

No perfect thread here. My notes are not available.

I probably have a software contract call on the issue. If I have time, and you haven't indicated solution via rabbit, I may post in some text later today.

There is a solution in one of the above threads.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
John Kittel
Trusted Contributor

Re: how to fix "duplicate audit id"

Todd, unless I'm mistaken, I don't think your answer addresses my problem. I'm not talking about the uid in the passwd file. I'm talking about the audit id in the file in /tcb/files/auth/...

Home dir and file ownerships are all ok.

- John
Todd McDaniel_1
Honored Contributor

Re: how to fix "duplicate audit id"

Oops! My bad... ain't the first time I misread a post!
Unix, the other white meat.
John Kittel
Trusted Contributor

Re: how to fix "duplicate audit id"

No problem Todd.

Thanks for the reply SEP. I will probably still need some more help. Before posting my question I had already searched the forums and technical knowledge base and read several items including those you posted. But now I've gone back and re-read them. In two of them Shiju Wilson recommends a knowledge base doc 200000048391508 which I can't find by search for either subject or doc id. Almost all the stuff I'm finding relates to problems with cron and invalid audit id.

I did find a technical doc id KBRC00004823 regarding the error message "bad audit flag" during logon, and it suggests editing the tcb file to correct the info, so perhaps that would be an acceptable solution for me. However it states that the audit id should equal the line number in the passwd file for the acct, and that couldn't be right, could it? I mean, what if you delete an account... then the audit id's for all the subsequent accounts would be wrong.

I should also mention that I don't care about maintaining the consistency of historical audit info, if any exists. I've never looked at or configured any auditing (other than conversion to trusted). At this point I just want to get rid of the duplicates and get authck to stop warning me.

- John
John Kittel
Trusted Contributor

Re: how to fix "duplicate audit id"

I see that "modprpw" allows modification of auditid. But of course the man page warns modprpw should only be used by SAM... so I am reluctant to try that.

- John
Jeff Schussele
Honored Contributor

Re: how to fix "duplicate audit id"

Hi John,

modprpw can be safely used outside of SAM; we do it all the time. You just want to be sure that you don't typo anything - like the user's name.
In your case the syntax would be like:

/usr/lbin/modprpw -m audid=new_value -l user_name

Caveat here is the new audit ID can't exceed the next available ID & must be unique - or you're back in the same boat.
Then it can be checked with getprpw - like:

/usr/lbin/getprpw -l -m audid user_name

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
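
A read-only check for the uniqueness caveat in the reply above, added here as an example and not part of any poster's message: it scans protected password entries for audit IDs that occur more than once. It assumes the prpwd(4) layout (one file per user under `<root>/<letter>/<user>`, audit ID stored as a `u_auditid#<n>` field); the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: report audit IDs shared by more than one protected
# password entry. Read-only; nothing under the scanned tree is modified.
# Assumption: prpwd(4)-style files <root>/<letter>/<user> with the audit ID
# stored as a ":u_auditid#<number>" field.

find_dup_audids() {
    find "$1" -type f | sort | while read -r f; do
        # ":u_auditid#" is 11 characters; the digits follow it.
        awk -v user="$(basename "$f")" '
            match($0, /:u_auditid#[0-9]+/) {
                print substr($0, RSTART + 11, RLENGTH - 11), user; exit
            }' "$f"
    done | sort -n | awk '
        { users[$1] = (users[$1] == "" ? "" : users[$1] ",") $2; n[$1]++ }
        END { for (id in n) if (n[id] > 1) print id ": " users[id] }' | sort -n
}

# Build constructed sample entries: alice and bob share audit ID 12.
make_sample_tcb() {
    while read -r user uid audid; do
        dir="$1/$(printf %.1s "$user")"
        mkdir -p "$dir"
        printf '%s:u_name=%s:u_id#%s:\\\n\t:u_pwd=*:u_auditid#%s:u_auditflag#1:\\\n\t:u_lock@:chkent:\n' \
            "$user" "$user" "$uid" "$audid" > "$dir/$user"
    done <<EOF
alice 101 12
bob 102 12
carol 103 14
EOF
}

# Demo on the constructed tree; on a trusted system the argument would be
# /tcb/files/auth (readable by root only).
demo="${TMPDIR:-/tmp}/tcbdemo.$$"
make_sample_tcb "$demo"
find_dup_audids "$demo"
rm -rf "$demo"
```

Running the function before and after a `modprpw -m audid=...` change shows whether the new value collided with an existing entry.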
John Kittel
Trusted Contributor

Re: how to fix "duplicate audit id"

Thanks Jeff re: use of modprpw.

It has gotten a little more complicated. I now realize I was incorrect in my original post. I now see almost all the audit ids on the other node are different, even though the passwd files and most of the tcb files are otherwise identical. The underlying reason I'm discovering this now is because I am preparing to follow advice in technical doc id UXSGKBAN00000227 regarding syncing password on ServiceGuard hosts. It recommends copying the tcb files. I have already read other forum threads regarding use of NIS or LDAP for authentication in order to circumvent this ServiceGuard password sync issue and intend to go to LDAP later this year; this copying of the tcb files was only intended to keep things working until then.

Since UXSGKBAN00000227 recommends copying tcb files from one host to another, and KBRC00004823 recommends editing the tcb, and I'm not auditing now anyway, I'm just going to go ahead and copy the tcb files.

- John
Jeff Schussele
Honored Contributor

Re: how to fix "duplicate audit id"

OH - OK, I see now.
Again that's another thing we do frequently.
Just get the system quiescent - get all the users off - use /etc/NOLOGIN, etc

Then tar & copy/ftp/whatever:

1) /etc/passwd
2) /etc/group/
3) /etc/logingroup #or relink to group
4) /tcb/*

and then I also like to copy

5) /home/* #just so they match - may want to warn users of this one first so they can prepare for it - ya know save their unique stuff from the destination to the source so when the copy's complete - they lose nada.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
John Kittel
Trusted Contributor

Re: how to fix "duplicate audit id"

Thanks again Jeff.

Although no one pulled a rabbit out of the hat specifically answering how to remedy duplicate audit ids, I am sufficiently tired of this that I don't wish to pursue it further, unless someone sees that I am grossly ignoring something important and wishes to further enlighten me.

- John