Operating System - HP-UX
1833758 Members
2467 Online
110063 Solutions
New Discussion

Re: HP-UX 11.11 - No user can login: URGENT

 
Tiem Nguyen Van
Occasional Contributor

HP-UX 11.11 - No user can login: URGENT

Dear Admin,

We have deploy new hp rp4440 running HP-UX 11.11 Mission Critical.
Some days ago it worked well. But this afternoon, we cannot login anymore.
Every time we try to login (even via Console), the system reply " Login incorrect".
I tried to boot at Single user mode succecfully and run passwd root.

Some thing have been check :
ll -lad /
ll -lad /etc
pwck
grpck

=> It;s seem good.

Anyvay, the system is NOT in TRUSTED mode.

Any one can help me to solv this issue asap?

Thanks and Best Regards,

Tiem NV

11 REPLIES 11
Ranjith_5
Honored Contributor

Re: HP-UX 11.11 - No user can login: URGENT

Hi,

Does your password contains any special characters like @ or #. Then you can do a direct login.

Regards,
Syam
Ranjith_5
Honored Contributor

Re: HP-UX 11.11 - No user can login: URGENT

Hi Tiem,

Ohh sorry..I thought only one user have this prob.

Can you check any file called /etc/nologin exists?

Regards,
Syam
Andy Torres
Trusted Contributor

Re: HP-UX 11.11 - No user can login: URGENT

Is this a bad time to mention you have assigned points to 0 of 6 responses to your questions? Maybe not. Let's get through your emergency first.

Check the /var/adm/syslog/syslog.log first to see if anything special happened around the time you lost login ability and go from there.
Tiem Nguyen Van
Occasional Contributor

Re: HP-UX 11.11 - No user can login: URGENT

Dear Sam,

Thanks for your reply.
I checked that there is no /etc/nologin file
(also /etc/default/secority).


Some info in my syslog.log file.

Oct 18 14:01:44 xxx login: open_module: module /usr/lib/security/libpam_unix.
Oct 18 14:01:44 xxx login: load_modules: can not open module /usr/lib/security

Oct 18 14:01:44 t24tcb login: open_module: module /usr/lib/security/libpam_unix.
1 writable by group
Oct 18 14:01:44 xxxx login: load_modules: can not open module /usr/lib/securit
y/libpam_unix.1
Oct 18 14:01:44 xxxx login: load_modules: pam_sm_acct_mgmt() missing


What I can do next ?
Denver Osborn
Honored Contributor

Re: HP-UX 11.11 - No user can login: URGENT

could it be someone removed /usr/lib/security/ or there is a problem with the /usr filesystem or a disk that contains /usr...

if /usr looks fine, any changes made to /etc/pam.conf or /etc/pam_user.conf?

were there any recent patch installs that could have gone bad?

is /usr mounted?

are all the pv's in the root vg available?

hope this helps your troubleshooting
-denver
Denver Osborn
Honored Contributor

Re: HP-UX 11.11 - No user can login: URGENT

doh! I need to read a bit slower.

check permissions on /usr/lib/security to those of a working system you have access to.

I think the libs under /usr/lib/security/ should be 555. then look at root's shell hist if it's setup and keep an eye out for any recursive chmod that may have been run. :)

-denver
Andy Torres
Trusted Contributor

Re: HP-UX 11.11 - No user can login: URGENT

I'm not experienced enough with pam to make the call, but it appears your (pam?) fileset isn't completely installed or has been moved/removed/chmod'ed somehow.

Call HP with the syslog as a starting point for troubleshooting and stay tuned here in case one of the experts picks up the thread.

Good luck.
Tiem Nguyen Van
Occasional Contributor

Re: HP-UX 11.11 - No user can login: URGENT

Hi all,

The /usr is fine.
No path update.


Capture from pam*
cat pam_user.conf
#
# This file defines PAM configuration for a user. The configuration
# here overrides pam.conf.
#
# The format for each entry is:
# user_name module_type module_path options
#
# For example:
#
# user_a auth /usr/lib/security/libpam_unix.1 debug
# user_a auth /usr/lib/security/libpam_dce.1 try_first_pass
# user_a password /usr/lib/security/libpam_unix.1 debug
#
# user_b auth /usr/lib/security/libpam_unix.1 debug use_psd
# user_b password /usr/lib/security/libpam_unix.1 debug use_psd
#
# See the pam_user.conf(4) manual page for more information
#
#
# cat pam.conf
#
# PAM Configuration
#
# Account Management
#
dtaction account required /usr/lib/security/libpam_unix.1
dtlogin account required /usr/lib/security/libpam_unix.1
ftp account required /usr/lib/security/libpam_unix.1
login account required /usr/lib/security/libpam_unix.1
mxpamauthrealm account required /usr/lib/security/libpam_unix.1
su account required /usr/lib/security/libpam_unix.1
OTHER account required /usr/lib/security/libpam_unix.1
#
# Authentication Management
#
dtaction auth required /usr/lib/security/libpam_unix.1
dtlogin auth required /usr/lib/security/libpam_unix.1
ftp auth required /usr/lib/security/libpam_unix.1
login auth required /usr/lib/security/libpam_unix.1
mxpamauthrealm auth required /usr/lib/security/libpam_unix.1
su auth required /usr/lib/security/libpam_unix.1
OTHER auth required /usr/lib/security/libpam_unix.1
#
# Password Management
#
dtaction password required /usr/lib/security/libpam_unix.1
dtlogin password required /usr/lib/security/libpam_unix.1
login password required /usr/lib/security/libpam_unix.1
passwd password required /usr/lib/security/libpam_unix.1
OTHER password required /usr/lib/security/libpam_unix.1
#
# Session Management
#
dtaction session required /usr/lib/security/libpam_unix.1
dtlogin session required /usr/lib/security/libpam_unix.1
login session required /usr/lib/security/libpam_unix.1
mxpamauthrealm session required /usr/lib/security/libpam_unix.1
OTHER session required /usr/lib/security/libpam_unix.1
#


ll /usr/lib/security
total 1200
-rwxrwxrwx 1 root bin 57344 Jan 31 2003 libpam_dce.1
-rwxrwxrwx 1 root sys 344064 Jun 21 2002 libpam_krb5.1
lrwxr-xr-x 1 root sys 37 Sep 12 13:37 libpam_ntlm.1 -> /opt/
cifsclient/pam/lib/libpam_ntlm.1
-rwxrwxrwx 1 root sys 196608 Feb 19 2004 libpam_unix.1
-rwxrwxrwx 1 root sys 16384 Nov 14 2000 libpam_updbe.1

Anyone can help ???
Denver Osborn
Honored Contributor

Re: HP-UX 11.11 - No user can login: URGENT

permissions prob...

cd /usr/lib/security
chmod 555 libpam_dce.1
chmod 555 libpam_krb5.1
chmod 555 libpam_unix.1
chmod 555 libpam_updbe.1

chmod 555 /opt/cifsclient/pam/lib/libpam_ntlm.1


also look at roots shell history to see what "chmod" may have done you wrong. If /usr/lib/security was hit to 777, I'd worry about the stability of the system. Chances are root did a recursive chmod from /, /usr or???

-denver
Andy Torres
Trusted Contributor

Re: HP-UX 11.11 - No user can login: URGENT

Looks like Denver's got it. I just checked mine and they are all 555 as well. Good call, Denver.
Tiem Nguyen Van
Occasional Contributor

Re: HP-UX 11.11 - No user can login: URGENT

Hi Denver,

Special thanks to you.
I change the file mode and successfully
login into the system.

Thanks and Best regards to all.
Tiem NV