HPE Community
Operating System - HP-UX
1820733 Members
3143 Online
109627 Solutions
New Discussion юеВ

Problem creating a new user

 
yalin zhao
Advisor

тАО07-15-2002 08:14 AM

тАО07-15-2002 08:14 AM

Problem creating a new user

Hi there,

I have problems creating a new user through SAM.I tried to create three different users but got same result:

1.SAM can create a new user but does not list it in the user list after creating it.But I can see this new user in the/etc/passwd file.
2.When I login as this new user, I would get message "Your password has expired"
"Login aborted due to no new password"
"Wait for login Exit"
Then the window closes automatically.
3.As root, I can su - newuser. But when I type "whoami", I would get "Intruder Alert".

Anyone can figure out why this happened? Thanks for your response.

Yalin
0 Kudos
Reply
19 REPLIES 19
Peter Kloetgen
Esteemed Contributor

тАО07-15-2002 08:18 AM

тАО07-15-2002 08:18 AM

Re: Problem creating a new user

Hi Yalin,

did you try to assign a password to the user as root?

passwd user_name

Try to login as new user after this. (I guess you are working on a trusted system)

Allways stay on the bright side of life!

Peter
I'm learning here as well as helping
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО07-15-2002 08:19 AM

тАО07-15-2002 08:19 AM

Re: Problem creating a new user

Hi,

Look at the permissions on the /etc/passwd file. It should have read permissions for others.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО07-15-2002 08:20 AM

тАО07-15-2002 08:20 AM

Re: Problem creating a new user

Hi:

Check the permissions on '/etc/passwd'. They should be 644 or at least 444. The same is true for 'etc/group'. The permissions on the '/etc' directory should be 555. Make sure that both situations are correct.

Regards!

...JRF...

0 Kudos
Reply
PIYUSH D. PATEL
Honored Contributor

тАО07-15-2002 08:20 AM

тАО07-15-2002 08:20 AM

Re: Problem creating a new user

Hi,

You can change the passwword thro
#passwd username

Check the permissions of the /etc/passwd and /etc/group file. These files should be readable by everybody. Or else it will give you an intruder alert message.

Also run pwck ...which checks your password file.

Piyush
0 Kudos
Reply
S.K. Chan
Honored Contributor

тАО07-15-2002 08:24 AM

тАО07-15-2002 08:24 AM

Re: Problem creating a new user

The "intruder alert" will be produced if "whoami" command is having problem reading /etc/passwd file or the UID does not exist in /etc/passwd. Like others have suggested, look at it's permission.
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

тАО07-15-2002 08:42 AM

тАО07-15-2002 08:42 AM

Re: Problem creating a new user

Hi Yalin


These are the 2 reasons :

1. Permission for the /etc/passwd file .

2. There are 2 users with differnt names and the same uid.


Manoj Srivastava
0 Kudos
Reply
Martin Johnson
Honored Contributor

тАО07-15-2002 08:42 AM

тАО07-15-2002 08:42 AM

Re: Problem creating a new user

It is most likely a permission problem with /etc/passwd or /etc/group. However, I've seen this behavior when the /etc/passwd has become corrupt. Try openning the /etc/passwd file using vi and see if you get an error message like incomplete last line. For me, just doing a :wq! to rewrite the file cleared up the problem.

HTH
Marty
0 Kudos
Reply
yalin zhao
Advisor

тАО07-15-2002 08:43 AM

тАО07-15-2002 08:43 AM

Re: Problem creating a new user

I checked the right for /etc which is 555
/etc/passwd file is 444
/etc/group file is 444

This is a trusted system

I tried to assign a new password for this user.
I got the message "Password cannot be changed. Reason: Cannot access protected password entry."
0 Kudos
Reply
Peter Kloetgen
Esteemed Contributor

тАО07-15-2002 09:00 AM

тАО07-15-2002 09:00 AM

Re: Problem creating a new user

Hi Yalin,

is a shadow file created for your new user in which the password is stored on trusted systems instead of /etc/passwd file? You will find it here:

/etc/tcb/auth/first_letter_of_username/username

seems like no shadow files are created on your system.

Allways stay on the bright side of life!

Peter
I'm learning here as well as helping
0 Kudos
Reply
PIYUSH D. PATEL
Honored Contributor

тАО07-15-2002 09:02 AM

тАО07-15-2002 09:02 AM

Re: Problem creating a new user

Hi,

Try this :

Copy /tcb/files/auth/initial/user_name to /tcb/files/auth/initial/newuser and edit the file and correct the entries:
u_name=
u_pswduser=

Piyush
0 Kudos
Reply
yalin zhao
Advisor

тАО07-15-2002 09:29 AM

тАО07-15-2002 09:29 AM

Re: Problem creating a new user

Hi Peter,

I found the file on this trusted system at the location /tcb/files/auth. Should I remove the file with letter of that user_name and then recreate it?

Yalin
0 Kudos
Reply
yalin zhao
Advisor

тАО07-15-2002 11:58 AM

тАО07-15-2002 11:58 AM

Re: Problem creating a new user

I have tried all you suggested. But still the problem exists. Any other area you can think of? Thanks everybody.

Yalin
0 Kudos
Reply
Daimian Woznick
Trusted Contributor

тАО07-15-2002 12:17 PM

тАО07-15-2002 12:17 PM

Re: Problem creating a new user

Can you post the results of getprdef -m and getprpw ? Also post the TCB file itself. Have you ran authck yet?
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

тАО07-15-2002 12:32 PM

тАО07-15-2002 12:32 PM

Re: Problem creating a new user

Hi Yalin


If you are still not able to change it then try doing it by sam , or change the system to untrusted system by tsconvert 0-r change it and then change it to trusted system.


Manoj Srivastava
0 Kudos
Reply
yalin zhao
Advisor

тАО07-15-2002 12:46 PM

тАО07-15-2002 12:46 PM

Re: Problem creating a new user

Following are what I got:

1.
# more /tcb/files/auth/t/tester
tester:u_name=tester:u_id#105: :u_pwd=ZybX.fDQZQ7JM: :u_auditid#22: :u_auditflag#1: :u_succhg#0:u_suclog#1026765245:u_lock@:chkent:
2.
# authck -p
#
3.
# getprdef -m
sh: getprdef: not found.
4.
# getprpw tester
sh: getprpw: not found.


What is the command to change the system back to trusted system.

Thanks




0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО07-15-2002 12:52 PM

тАО07-15-2002 12:52 PM

Re: Problem creating a new user

Hi Yalin,

As you tried all the options so far, try unconvert/converting the system to trusted.

1. Run /usr/lbin/tsconvert -r

This will restore the password file.

2. Run /usr/lbin/tsconvert

This will convert the system. But this will expire all the passwords of the users. So, following step is very important so that it will un-expire the passwords and your users will not see any difference.

SAM -> Auditing and Security -> System Security Policies -> Password Aging policies -> password aging

Select "disabled" and select OK
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО07-15-2002 12:54 PM

тАО07-15-2002 12:54 PM

Re: Problem creating a new user

..[contd].. also restore if you have made any customizations before like no. of login tries etc.,.

This way it will not cause any inconvenience to the users.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
doug hosking
Esteemed Contributor

тАО07-15-2002 03:38 PM

тАО07-15-2002 03:38 PM

Re: Problem creating a new user

getprpw and getprdef are in /usr/lbin, which is probably not in your $PATH normally.
Is tester the real name of the user you
tried to create?
0 Kudos
Reply
yalin zhao
Advisor

тАО07-16-2002 05:41 AM

тАО07-16-2002 05:41 AM

Re: Problem creating a new user

Thanks everybody,

I created a user through command line. I will do a search on the SAM problem which I guess a bug exists.

Yalin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.