HPE Community
Operating System - HP-UX
1819839 Members
2404 Online
109607 Solutions
New Discussion юеВ

login denied for all users

 
SOLVED
Go to solution
Niclas Otterberg
Advisor

тАО09-22-2006 06:50 AM

тАО09-22-2006 06:50 AM

login denied for all users

I've somehow messed up login authorization on my server. I can't login with any username anymore, not even as root (neither via telnet or ftp)

The only change I did was to enable nsswitch.conf and pointed out to read files before DNS for hosts.

Question is, is there a possebility that I've got junk characters in my nsswitch.conf that can prevent login authorization?

I luckley had one session as a non root user up and if I try to do su - I got in return something like the following "User ID not known to the system" Feels like password authenticaztion is swrewed up in some way.

Any ideas?
0 Kudos
Reply
10 REPLIES 10
IT_2007
Honored Contributor

тАО09-22-2006 06:53 AM

тАО09-22-2006 06:53 AM

Re: login denied for all users

try to login at Server Console as root.

cat /etc/nssswitch.conf file and see for any errors. What is syslog says?
Reply
Jim Purtell
Frequent Advisor

тАО09-22-2006 07:13 AM

тАО09-22-2006 07:13 AM

Re: login denied for all users

Nic,

It sounds like you may have corrupted the nsswitch.conf file, or at least updated the passwd: feild.

It might be that you'll need to reboot into single user mode and make sure that the 'passwd' line reads . . .
passwd: compat
or
passwd: files

But before you do that, what are the permissions on the /etc/nsswitch.conf file? A normal user should be able to cat out the contents. You say you have a session open? If you can, post the resolts of . . .

cat /etc/nsswitch.conf

And while your at it, see if you have the . . .
/etc/nsswitch.compat
/etc/nsswitch.files
/etc/nsswitch.hp_defaults
/etc/nsswitch.nis
/etc/nsswitch.nisplus

. . . as backups.

Regards,
Jim
Reply
Jaime Bolanos Rojas.
Honored Contributor

тАО09-22-2006 07:15 AM

тАО09-22-2006 07:15 AM

Re: login denied for all users

Niclas,

Also try to login in single user mode and see if you can undo your changes.

Also see if you can change the root password, maybe the /etc/passwd got screw up.

Regards,

Jaime.
Work hard when the need comes out.
Reply
spex
Honored Contributor

тАО09-22-2006 07:19 AM

тАО09-22-2006 07:19 AM

Solution

Re: login denied for all users

Hi,

The passwd line in nsswitch.conf has a problem.

PCS
Reply
Jo├лl Techer
Advisor

тАО09-22-2006 08:12 AM

тАО09-22-2006 08:12 AM

Re: login denied for all users

Hi,


1) James Balanos Rojas has right, Boot en single mode. you don't need to enter passwd.
once the system is up => mount -a
=> passwd root => ENTER YOUR PASSWD

2)if you have many UNIX servers , perhaps you can connect from another server with rlogin (not secure).

Best Regards

Jean-Louis
Reply
Niclas Otterberg
Advisor

тАО09-22-2006 07:31 PM

тАО09-22-2006 07:31 PM

Re: login denied for all users

Thanks alot, many good points there.

I've tried to reached concole prompt but since it is a VPAR server I only manage to reache some kind of MON> prompt and I dont know how to get a login prompt from there.

The other issue is we have a job running on the server this weekend so I cant reboot the server just yet. But I figured I boot into single user mode and then either remove nsswitch.conf or just edit it and remove any trace of junk in it.

--- Jim: Permissions on the nsswitch.conf is r--r--r--. Unfortunately the session which is still logged on is at work so I cant reach the server from home, so I cant post the output of ls /etc/nsswitch.* nor the output of cat nsswitch.conf but It should read like this (prompted from my other VPAR instance which I still can log into)

#
# /etc/nsswitch.hp_defaults:
#
# @(#)B11.23_LR
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS (YP) in conjunction with files.
#

passwd: compat
group: compat
hosts: files dns [NOTFOUND=return] nis [NOTFOUND=return]
ipnodes: dns [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis [NOTFOUND=return] files
automount: files nis
aliases: files nis
services: nis [NOTFOUND=return] files


As said earlier I've only changed the hosts entry.

My /etc/hosts files is something like this (picked from my memory)

192.168.1.10 servera.lindex.se servera
192.168.1.11 serverb.lindex.se serverb
127.0.0.1 localhost loopback

As you can figure First VPAR instance is serverA and this is the server I cant reach and the other VPAR instance is serverB which I still can log into.

0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО09-23-2006 03:19 AM

тАО09-23-2006 03:19 AM

Re: login denied for all users

The nsswitch.conf file should have these changes:

passwd: files
hosts: files [NOTFOUND=continue TRYAGAIN=continue] dns

Then verify that nslookup can find an entry in /etc/hosts, and also an entry in your DNS server.


Bill Hassell, sysadmin
Reply
Niclas Otterberg
Advisor

тАО09-23-2006 09:31 PM

тАО09-23-2006 09:31 PM

Re: login denied for all users

Trying to figure out how to reboot the failing VPAR into singel user mode. As I cant login as root on that VPAR I have to reboot it from elsewhere. Any Ideas how to accomplish this? vparreset -p from the working VPAR as the only option I come up with or is there a way to do this from the MON> console? As far as I can see the reboot option reboots the entire NPAR?!
0 Kudos
Reply
IT_2007
Honored Contributor

тАО09-24-2006 03:52 AM

тАО09-24-2006 03:52 AM

Re: login denied for all users

Trying to figure out how to reboot the failing VPAR into singel user mode. As I cant login as root on that VPAR I have to reboot it from elsewhere. Any Ideas how to accomplish this? vparreset -p from the working VPAR as the only option I come up with or is there a way to do this from the MON> console? As far as I can see the reboot option reboots the entire NPAR?!
==========================

If you have other vpar's running on the same partition then you can do this way:

vpar1:\$ vparreset -p vpar2 -h

Vpar2 will be halted.

vpar1:\$ vparboot -p vpar2 -o "is"

will reboot vpar2 into single user mode.

Reply
Niclas Otterberg
Advisor

тАО09-24-2006 05:22 AM

тАО09-24-2006 05:22 AM

Re: login denied for all users

Thanks alot everyone for your information. I've managed to start the vpar into single user mode and it was the nsswitch.conf file who was corrupted in some way. I will assign stars to you, you all have been to great help.

Must say I really dont like the only way to reboot my second VPAR is to crash it (vparreset) But hey, it did the job.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.