HPE Community
Operating System - HP-UX
1833047 Members
2553 Online
110049 Solutions
New Discussion

user "sysadm" a/c disable frequently

 
Mohammed Imran
Advisor

‎03-14-2006 08:06 PM

‎03-14-2006 08:06 PM

user "sysadm" a/c disable frequently

Gentlemen,

One of user "sysadm" is getting locked by it's own & I had checked the log and found the following deiscrepency.
Mar 13 08:02:35 sa1 remshd[28483]: PAM Status - 28, PAM Error Message - Account is disabled - see Account Administrator
Mar 13 08:02:36 sa1 remshd[28524]: PAM Status - 28, PAM Error Message - Account is disabled - see Account Administrator
Mar 13 08:20:42 sa1 rexecd[28770]: PAM Status - 10, PAM Error Message - Get new authentication token
Mar 13 08:20:03 sa1 : su : - tty?? sysadm-sysadm
Mar 13 08:21:03 sa1 above message repeats 6 times
Please advise the remedy.
Thank you,
Mohammed
0 Kudos
Reply
10 REPLIES 10
Arunvijai_4
Honored Contributor

‎03-14-2006 08:10 PM

‎03-14-2006 08:10 PM

Re: user "sysadm" a/c disable frequently

Hi,

You can enable it by,

# /usr/lbin/modprpw -e sysadm


-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Peter Godron
Honored Contributor

‎03-14-2006 08:10 PM

‎03-14-2006 08:10 PM

Re: user "sysadm" a/c disable frequently

Mohammed,
another system is using remote shell to attempt to execute a command.

Try to get more info with
inetd -l
which should log to /var/adms/syslog/syslog.log
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎03-14-2006 08:17 PM

‎03-14-2006 08:17 PM

Re: user "sysadm" a/c disable frequently

Is there any new pam module in /etc/pam.conf file for login?

--
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Sivakumar TS
Honored Contributor

‎03-14-2006 08:21 PM

‎03-14-2006 08:21 PM

Re: user "sysadm" a/c disable frequently


Hi Mohammed,

#modprpw -k

is the command to UNLOCK the user account.

Regards,

Siva.
Nothing is Impossible !
0 Kudos
Reply
Sivakumar TS
Honored Contributor

‎03-14-2006 08:33 PM

‎03-14-2006 08:33 PM

Re: user "sysadm" a/c disable frequently


Hi Mohammed,

In modprpw, database u_maxtries,is the parameter that sets the Maximum unsuccessful Login tries allowed.

0 = infinite.

Incase if you dont want the account to get locked, you may set this.

Regards,

Siva.
Nothing is Impossible !
0 Kudos
Reply
Mohammed Imran
Advisor

‎03-14-2006 09:34 PM

‎03-14-2006 09:34 PM

Re: user "sysadm" a/c disable frequently

Gentlemen,
Please the check the attached log from /var/adm/syslog/sylog.log for your investigation.
Thank you.
imran
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎03-14-2006 09:44 PM

‎03-14-2006 09:44 PM

Re: user "sysadm" a/c disable frequently

Problem is when you are trying to use remsh or rexec commands. Can you try and reproduce the same errors?

By which account you have tried to do remsh or rexec? what is your operating system? uname -a will give that.

I hope /etc/pam.conf file is having a module which is making the problem in login with r* commands.

--
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Mohammed Imran
Advisor

‎03-14-2006 10:26 PM

‎03-14-2006 10:26 PM

Re: user "sysadm" a/c disable frequently

Dear Muthu,

My os is 11.00 and how do i konw which account is doing the remsh.

pls check the log which i had sent and advise.
thank you,
imran
0 Kudos
Reply
Peter Godron
Honored Contributor

‎03-14-2006 10:30 PM

‎03-14-2006 10:30 PM

Re: user "sysadm" a/c disable frequently

Mohammed,
please see my earlier response.
inetd -l
will switch on logging of all connection attempts.

See man inetd
0 Kudos
Reply
Mohammed Imran
Advisor

‎03-14-2006 10:53 PM

‎03-14-2006 10:53 PM

Re: user "sysadm" a/c disable frequently

Dear Peter,
I did the inetd -l but still the same only user sysadm is getting locked.
thanks,
imran
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.