9 Replies Latest reply: Jan 24, 2013 10:37 AM by SGD_Admin RSS

    Unix Auth

    SGD_Admin
      Hi .. we are on Solaris 10, SGD v 4.62.913 .. when we reset a password in unix, sgd is still giving invalid credentials. We went in and deleted the cached entries for each sgd server, still not working. Thoughts/Suggestions please.

      Thanks
        • 1. Re: Unix Auth
          Mrbrown-Oracle
          invalid credentials @ login to the SGD webtop? provide details of


          $ tarantella config list | grep login

          have you restarted the SGD servers?
          • 2. Re: Unix Auth
            SGD_Admin
            restart SGD? for a simple user password change? not optimal and why would it be necessary ?

            login-ad-base-domain: ""
            login-ad-default-domain: ""
            login-ad: 0
            login-anon: 0
            login-atla: 0
            login-autotoken: 0
            login-ens: 1
            login-ldap-thirdparty-ens: 0
            login-ldap-thirdparty-profile: 0
            login-ldap: 0
            login-mapped: 0
            login-nt-domain: ""
            login-nt: 0
            login-securid: 0
            login-thirdparty-ens: 0
            login-thirdparty-nonens: 0
            login-thirdparty-superusers: sgd_trusted_user
            login-thirdparty: 0
            login-unix-group: 1
            login-unix-user: 0
            login-web-tokenvalidity: 180
            login-web-user: ttaserv
            server-login: enabled
            • 3. Re: Unix Auth
              Jeffro
              The account may be locked (disabled) in SGD.

              To check:

              tarantella object list_attributes --name ".../_ens/o=Organization/cn=accountname"

              Look for "enabled: 0" in the output. If it's zero, then the account is locked.

              To re-enable:

              tarantella object edit name ".../_ens/o=Organization/cn=accountname" enabled true
              • 4. Re: Unix Auth
                806512
                Out of curiosity, you wrote "sgd is still giving invalid credentials" - does this imply the login failure was occurring prior to resetting the password?

                Is this only happening for this single user-id, or are other "unix" users affected?

                Is there a Unix user profile for this user-id? If so, check to make sure the username attribute is mapped to the "right" unix userid. And, as suggested, be sure the account (user profile) is enabled.

                I'd take a look at the logs, especially for any jserver errors that might be getting logged.

                If nothing there, you may try setting a "server/login/*:login.log" logfilter to see if that provides any clues.
                • 5. Re: Unix Auth
                  805861
                  Which user password did you reset? Did you reset the user password on the SGD server or the application server? If you reset the user password on the application server, can you try launching the application again by holding down the Shift key to reset the password cache?
                  • 6. Re: Unix Auth
                    SGD_Admin
                    We ended up doing a server restart. Restarting SGD did no clear this issue.

                    The account is not locked , and the user can login to the server at the unix lievel ( we have checked ) on the sgd servers without issue.

                    The user did have the issue prior to our resetting the password. As far as we know it is this user only at this time.
                    • 7. Re: Unix Auth
                      SGD_Admin
                      Hi all,

                      The issue has been found, multiple entries for the same user in the ens...

                      Thanks for the hints and tips.
                      • 8. Re: Unix Auth
                        user359577
                        Hi,

                        What do you mean by "in the ens..." ?

                        Cheers
                        • 9. Re: Unix Auth
                          SGD_Admin
                          The user was built into the ens two times ..