5 Replies. Latest reply: Dec 3, 2011 10:06 AM by EdStevens

OEL 5.5 - access denied .... but not!

EdStevens Guru
Installed OEL 5.5 under VMworkstation 7 on Win 7 Home Premium.

I've built scores of this type of installation with XP Pro, Vista Pro, and Win 7 Pro being the host, but this is the first with Win 7 Home Premium. I doubt that difference is the factor for this issue but feel it is worth mentioning.

Two things that may or may not be related, or multiple manifestations of the same problem ...

Connecting to the virtual OEL from putty on the host, I get
login as: oracle
Access denied
oracle@vmlnxsrv01's password:
Last login: Sun Nov 27 14:15:05 2011
[oracle@vmlnxsrv01 ~]$
login as: root
Access denied
root@vmlnxsrv01's password:
Last login: Sat Nov 26 16:30:28 2011
[root@vmlnxsrv01 ~]#
Notice that 'access denied' message . . . yet it still prompts for password and connects.

Other (related -- or not??) is that this time I built this vm with the graphical desktop, whereas I usually use text mode. On boot up, if I log on to the virtual console (graphical desktop) as root, it works as expected. If I log on as 'oracle', the console goes black for a little over 2 minutes, flashes the command line logon, then returns to the graphical logon page, with the 'userid' input field.

Ideas?
  • 1. Re: OEL 5.5 - access denied .... but not!
    TommyReynolds Expert
    1. > Notice that 'access denied' message . . . yet it still prompts for password and connects.

       That is a putty quirk, methinks. It is first trying to authenticate using key exchange. This is probably being blocked by your OEL firewall. Did you accept the default firewall setting? You did? Well, that is why.

    2. > On boot up, if I log on to the virtual console (graphical desktop) as root, it works as expected. If I log on as 'oracle', the console goes black for a little over 2 minutes, flashes the command line logon, then returns to the graphical logon page, with the 'userid' input field.

       Sounds as if there is a problem with your X11 setup as the "oracle" user.

    Try turning off the OEL firewall:

        # /sbin/service iptables stop

    and retry both of these.
  • 2. Re: OEL 5.5 - access denied .... but not!
    Dude! Guru
    Just tried PuTTY version 0.61 in a virtual machine (Parallels Desktop) and can confirm the problem. Apparently PuTTY tries several authentication methods, and GSSAPI is the reason for the "Access denied" message. After receiving the "Access denied" message, click on the PuTTY icon in the top left-hand corner of the session window, then select Event log. At the bottom you will see what exactly caused the failure, e.g. "GSSAPI authentication refused".

    To disable GSSAPI: open PuTTY, then click the + sign on SSH > click + sign on Auth > GSSAPI. Uncheck the 'Attempt GSSAPI authentication' checkbox.

    The "Access denied" message is gone.

    An alternative solution would be to set up Kerberos/SASL on the Linux side, but...
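
The checkbox described in the reply above is stored per saved session, so a session that was not edited by hand can still attempt GSSAPI first. The script below is an added example, not part of the original thread or of PuTTY itself: it lists the setting for every saved session of the current user and, with the hypothetical `-Disable` switch, turns it off. It assumes PuTTY's standard per-user registry storage under `HKCU:\Software\SimonTatham\PuTTY\Sessions` and its `AuthGSSAPI` value.

```powershell
# Added example: audit (and optionally clear) the "Attempt GSSAPI authentication"
# setting for every saved PuTTY session of the current user.
# Assumption: sessions live in PuTTY's standard registry location and the
# checkbox is stored as the DWORD value "AuthGSSAPI".
param([switch]$Disable)   # hypothetical switch name: pass -Disable to turn it off

$root = 'HKCU:\Software\SimonTatham\PuTTY\Sessions'
if (-not (Test-Path $root)) {
    Write-Output 'No saved PuTTY sessions found for this user.'
    return
}

Get-ChildItem -Path $root | ForEach-Object {
    $key  = $_.PSPath
    # Session names are escaped in the registry (e.g. Default%20Settings).
    $name = [uri]::UnescapeDataString($_.PSChildName)
    $prop = Get-ItemProperty -Path $key -Name 'AuthGSSAPI' -ErrorAction SilentlyContinue

    # A missing value means the session uses PuTTY's built-in default.
    $state = if ($null -eq $prop) {
        'unset (PuTTY default)'
    } elseif ($prop.AuthGSSAPI -ne 0) {
        'enabled'
    } else {
        'disabled'
    }

    if ($Disable -and $state -ne 'disabled') {
        Set-ItemProperty -Path $key -Name 'AuthGSSAPI' -Value 0 -Type DWord
        $state = "$state -> disabled"
    }

    [pscustomobject]@{ Session = $name; AttemptGSSAPI = $state }
}
```

The change applies to sessions opened after it is made; PuTTY windows that are already connected keep the configuration they started with.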
  • 3. Re: OEL 5.5 - access denied .... but not!
    Zoltan Kecskemethy Expert
    Confirmed. I had the same issue here and your suggestion solved it.
  • 4. Re: OEL 5.5 - access denied .... but not!
    Dude! Guru
    Thanks.
  • 5. Re: OEL 5.5 - access denied .... but not!
    EdStevens Guru
    Dude wrote:
    > Just tried PuTTY version 0.61 in a virtual machine (Parallels Desktop) and can confirm the problem. Apparently PuTTY tries several authentication methods, and GSSAPI is the reason for the "Access denied" message. After receiving the "Access denied" message, click on the PuTTY icon in the top left-hand corner of the session window, then select Event log. At the bottom you will see what exactly caused the failure, e.g. "GSSAPI authentication refused".
    >
    > To disable GSSAPI: open PuTTY, then click the + sign on SSH > click + sign on Auth > GSSAPI. Uncheck the 'Attempt GSSAPI authentication' checkbox.
    >
    > The "Access denied" message is gone.
    >
    > An alternative solution would be to set up Kerberos/SASL on the Linux side, but...

    Bingo!

    I've not had the time to investigate this further until this morning. Sat my two laptops side by side (the "good" one running Win7 Enterprise 32-bit on an AMD processor, the "bad" one running Win7 Home Premium 64-bit on Intel i3). Cleared out all previous work on both, then built a new vm on each, making sure all configs were identical. Then I stepped through every config item in putty on both. All choices possible were the same, but I did begin to notice that the new (bad) machine had a few more choices in the putty config, so then noticed that the older (good) machine had putty 0.60, vs. 0.61 on the newer machine. Came back here to report findings and ask if anyone knew what the key might be, and see you already found it.

    Thanks for the assistance.
