HPE Community
Operating System - HP-UX
1834379 Members
2482 Online
110066 Solutions
New Discussion

root unable to login from console

 
Robychen
Occasional Contributor

‎11-29-2004 10:45 PM

‎11-29-2004 10:45 PM

root unable to login from console

Hi,

I am unable to login as root or as any other root equivalent user on a Trusted system from telnet session or on console of a vPar on one nPartition of a Superdome. When I login through telnet session I am getting message as given below.

login: root
Password:
Account is disabled - see Account Administrator


When I login to the console through GSP message is coming as given below.

Console Login: root
Password:
Account is disabled but console login is allowed.
Login incorrect

/etc/securetty file is not present on system.

Regards

Robychen
0 Kudos
Reply
12 REPLIES 12
Victor BERRIDGE
Honored Contributor

‎11-29-2004 10:55 PM

‎11-29-2004 10:55 PM

Re: root unable to login from console

Hi,
Have you tried to su to your other root equivalent from a user login?


All the best
Victor
0 Kudos
Reply
twang
Honored Contributor

‎11-29-2004 10:57 PM

‎11-29-2004 10:57 PM

Re: root unable to login from console

Do you have a trusted system?
Does /etc/tcb exist on system?
0 Kudos
Reply
Robychen
Occasional Contributor

‎11-29-2004 10:59 PM

‎11-29-2004 10:59 PM

Re: root unable to login from console

Hi Victor,

su is also not working.

Regards

Robychen
0 Kudos
Reply
Robychen
Occasional Contributor

‎11-29-2004 11:06 PM

‎11-29-2004 11:06 PM

Re: root unable to login from console

Hi Twang,

As I mentioned earlier the system is a trusted system and my user details are present under /tcb/files/auth. I couldn't find /etc/tcb on my system.

Regards

Robychen
0 Kudos
Reply
twang
Honored Contributor

‎11-29-2004 11:16 PM

‎11-29-2004 11:16 PM

Re: root unable to login from console

1. Login into single user mode
2. Untrust the system
# /usr/lbin/tsconvert -r
3. Change the passwd
# passwd root
4. Make the system trusted again
# /usr/lbin/tsconvert
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎11-29-2004 11:33 PM

‎11-29-2004 11:33 PM

Re: root unable to login from console

Im a bit puzzled, because on trusted systems Iv been caught a few times and put in place other root alias accounts to su to and give myself the rights to restricted sam to all it can - the most important is to shudown the system in order to go single user...
From What I remember (more than 3 years since I had the last trouble with trusted...)
If the root account gets locked out or deactivated, you should still be able to login as root on the console. A message similar to this: account is disabled but console login is allowed will be displayed on the console when logging in. Once you login from the console, you can reactivate the account through SAM.
But I found this doc:

DocId: USECKBRC00010536 Updated: 9/13/02 9:11:00 AM
PROBLEM
On a Trusted System, trying to login via telnet as root displayed the following:

Account is disabled - see Account Administrator

When trying to login via the console, it appears to be locked or hung. Is
there some way to reset the root password without rebooting the server?
CONFIGURATION
10.x 11.x
RESOLUTION
The following steps can be performed to "reset" the console and try to free it:

1. Power off the console
2. Hold down both the "ctrl" and "D" keys
3. Power on the console while both keys are still held down.
4. Leave the keys held down for 10 seconds and then release.
5. You should receive a message stating that the console has been returned to
factory defaults.
6. Hit "Return"
7. Attempt the root console login once again.

If these steps do not work and the root account cannot be re-activated, you
will have to reboot to try and free the console.


I will continue to look at my notes to see if I have anything better

Good luck
Victor
0 Kudos
Reply
Robychen
Occasional Contributor

‎11-29-2004 11:36 PM

‎11-29-2004 11:36 PM

Re: root unable to login from console

Hi Twang,

As it is a live production system I have to try to avoid a reboot of the sytem for resetting the password. Is this problem because of any files like /etc/security.

Regards
Robychen D
0 Kudos
Reply
Robychen
Occasional Contributor

‎11-29-2004 11:46 PM

‎11-29-2004 11:46 PM

Re: root unable to login from console

Hi Victor,

Thanks for the reply. But in my case I'm not using a physical console teminal. I'm trying to login through the GSP lan console of the Superdome. We are able to login as root on other vPars and nPartitions through the same GSP lan console but not on this vPar only.

Regards
Robychen
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎11-29-2004 11:52 PM

‎11-29-2004 11:52 PM

Re: root unable to login from console

Hi Rob,
I did understand your point and do realize that avoiding a reboot is what you want...

/etc/securetty is for allowing root to log only from generaly: console

My question is there are other files that can be configured like /etc/default/security
my example:
IN_PASSWORD_LENGTH=6
PASSWORD_HISTORY_DEPTH=3
PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=0
SU_ROOT_GROUP=bin

only allows people in group bin to su root, this may have been implemented have a look but Im not very optimist because I gave to my file :
-rw-r----- 1 root bin 189 Jun 15 16:20 security
and /tcb/files/auth/* you must be root to see...
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎11-29-2004 11:54 PM

‎11-29-2004 11:54 PM

Re: root unable to login from console

With all that comment I forgot to ask you what I wanted:
Do you have a true (serial port) console attached?
(I may ask a silly question here because I have no superdome...)

All the best
Victor
0 Kudos
Reply
Darrel Louis
Honored Contributor

‎12-01-2004 09:23 AM

‎12-01-2004 09:23 AM

Re: root unable to login from console

Robychen,

If you login under your account and try sudo, if it's implemented and try the following.
/usr/lbin/getprpw -r -m lockout root

To reactivate:
/usr/lbin/modprpw -k root
verify exit status(=0)

When creating a trusted system make sure you're root account will never expire.
/usr/lbin/modprpw -m lftm=0,exptm=0,mintm=0,acctexp=-1 root

lftm=0 then password aging disabled.
Acctexp=-1 expiration disabled, set to infinity.

Can you logon to one of the other partitions as root via the GSP-Console?

Victor: a Superdome doesn't have a console attached to it but a A-class server with GSP on it.
Each partition on an HP Superdome server has its own console.
This partition console provides console login access to HP-UX and serves as /dev/console for the partition.
See: http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90702/B2355-90702_top.html&con=/hpux/onlinedocs/B2355-90702/00/00/14-con.html&toc=/hpux/onlinedocs/B2355-90702/00/00/14-toc.html&searchterms=gsp%7csuperdome&queryid=20041201-150351
0 Kudos
Reply
Paul Ostrowski
Occasional Contributor

‎12-02-2004 07:23 AM

‎12-02-2004 07:23 AM

Re: root unable to login from console

It doesen't sound like you will be able to login/sudo or su from any other account. so the only way will be to reboot into single user mode and unlock the root accout.

make sure that you mount all your filesystems in single user mode.

mount -a

then run /usr/lbin/modprpw -k root

for more info look at the modprpw man page
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.