HPE Community
Operating System - HP-UX
1819966 Members
3838 Online
109607 Solutions
New Discussion юеВ

Use account access denied after password change

 
bilbow
New Member

тАО02-22-2006 03:02 AM

тАО02-22-2006 03:02 AM

Use account access denied after password change

I have a user who's password was changed in SAM on a Trusted HPUX 11i system. Logon is attempted by using ssh. After the password was changed, the user gets access denied when attempting to logon. I have tried modprpw -V, I have removed the user, leaving the files and folders, and then recreating it. The system generates a password. The user logs in, is forced to change the password. Once changed successfully, access is denied upon logon through ssh. Any suggestions?
0 Kudos
Reply
13 REPLIES 13
ruben_28
Occasional Advisor

тАО02-22-2006 03:05 AM

тАО02-22-2006 03:05 AM

Re: Use account access denied after password change

if you are logged in the server with other login (not root) you can do su - user and loggon writing the password?
0 Kudos
Reply
Sanjay_6
Honored Contributor

тАО02-22-2006 03:30 AM

тАО02-22-2006 03:30 AM

Re: Use account access denied after password change

Hi,

I had seen similar problem on shadow password where the password for the user was stored in both /etc/passwd and /etc/shadow.

On a shadow password server the password should only be in the /etc/shadow and the /etc/passwd file should have a "*" in the encryted password field.

We corrected the situation by manually editing the /etc/passwd file and replacing the encrypted password with a "*"

Hope this helps.

regds
0 Kudos
Reply
bilbow
New Member

тАО02-22-2006 05:34 AM

тАО02-22-2006 05:34 AM

Re: Use account access denied after password change

ruben...yes I can su from another "normal" user to this account and use the password.

Sanjay...the /etc/passwd has "*" in the password filed.

I have been looking at the /tcb/files/auth/* entires to try and decipher any differences between this account and one that works. But, if I can su to this account, this trusted password file shouldn't be the issue.....
0 Kudos
Reply
Chaz Emery
Advisor

тАО02-22-2006 07:19 AM

тАО02-22-2006 07:19 AM

Re: Use account access denied after password change

The user's access method maybe contributing to this issue.

If you have not already, ask the user for a screen shot that shows the error occurring.

A couple of things could be occuring, that are not systemic problems:

The users' ssh program might not accomodate setting a new password when using an expired or temporary password (reset by admin).

Or ssh could be restricted?
check your sshd config
0 Kudos
Reply
DCE
Honored Contributor

тАО02-22-2006 07:23 AM

тАО02-22-2006 07:23 AM

Re: Use account access denied after password change

The user account may be locked -

try modprpw -k user_id to reactivate the account

0 Kudos
Reply
Chaz Emery
Advisor

тАО02-22-2006 08:13 AM

тАО02-22-2006 08:13 AM

Re: Use account access denied after password change

In addition to my prior suggestions,
If telnet is enabled, have the user attempt to login via telnet, from MSDOS prompt.
This will allow the user the opportunity to specificy a new password if asked.

A text only ssh tool like putty could also accomodate this if telnet is disabled.
0 Kudos
Reply
Mark Greene_1
Honored Contributor

тАО02-22-2006 08:48 AM

тАО02-22-2006 08:48 AM

Re: Use account access denied after password change

Look at the account in SAM; from the Actions menu select "Modify Security Policies" look at the "Password Aging Policies" and the "General User Account Policies" for the login. Verify that you don't have conflicts with settings at 0 or 1.

mark
the future will be a lot like now, only later
0 Kudos
Reply
shridhar_1
Frequent Advisor

тАО02-22-2006 04:22 PM

тАО02-22-2006 04:22 PM

Re: Use account access denied after password change

├в hi

try resetting password

passwd -d username

passwd username

trim files

try cat > /var/adm/wtmp
cat > .........btmp


├в HTH
├в shri
0 Kudos
Reply
Tom Henning
Trusted Contributor

тАО02-23-2006 12:11 AM

тАО02-23-2006 12:11 AM

Re: Use account access denied after password change

One other possibility, if the user is using either of the '@' or '#' characters in thier password. These can cause problems when logging in, thus leading to having the account being locked out after a few attempts at logging in. The shell normally has these charaters re-mapped in the .profile, so the su would work.

See the man page for passwd.
What is it that possesses otherwise sane individuals to change something just because it has not been changed in a while?
0 Kudos
Reply
bilbow
New Member

тАО02-23-2006 01:01 AM

тАО02-23-2006 01:01 AM

Re: Use account access denied after password change

I think Chaz in on the money with the sshd_config, however, I have not found the setting causing the problem. I'll explain by responding to all the posts.

DCE..I checked the account by using getprpw and the account is not locked.

Chaz...We are using putty for our ssh connection.

Mark...i looked in SAM and see no conflicks with the settings.

Shridhar....I tried changing the passwd this way also and still get access denied upon logon though putty..ssh.

Tom...I have changed the password for this account making sure the '@" or '#' were not used with the same results├в ┬жaccess denied.

I also went to the console and was able to logon successfully with the user's account. This leads me to believe that the account is fine, and the problem is with putty. We have tried logging on from different computers that have not used putty before. Again the same access denied. This is why I think Chaz has the right idea.

Has anyone found any good documentation on sshd_config?
0 Kudos
Reply
bilbow
New Member

тАО02-23-2006 01:09 AM

тАО02-23-2006 01:09 AM

Re: Use account access denied after password change

Let me rephrase the last question; Has anyone found any good documentation for sshd_config besides the man pages?

I have been reading them, but nothing jumps out at me as the problem.
0 Kudos
Reply
bilbow
New Member

тАО02-28-2006 12:24 AM

тАО02-28-2006 12:24 AM

Re: Use account access denied after password change

I still have not found the culprit of this problem. I have, however temporarily fixed it by taking the system out of trusted mode, putting back in trusted mode, then running the modprpw -V command.

I want to thank everyone for your ideas and suggestions.

Thanks.
0 Kudos
Reply
VAS_1
Frequent Advisor

тАО03-03-2006 08:18 AM

тАО03-03-2006 08:18 AM

Re: Use account access denied after password change

The .ssh directory and files under it can be especially sensitive to ownership and permissions. Try changing the perms on the .ssh directory to 700 and any file under it to 600.

Also, try using the verbose command and you might see better information on what the problem is:

ssh -v user@your_server

You can do this from the server itself if you need to. Add more v's (-vvv) if you want more verbose output.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.