This discussion is archived
9 Replies Latest reply: Jan 24, 2013 8:37 AM by SGD_Admin RSS

Unix Auth

SGD_Admin Newbie
Currently Being Moderated
Hi .. we are on Solaris 10, SGD v 4.62.913 .. when we reset a password in unix, sgd is still giving invalid credentials. We went in and deleted the cached entries for each sgd server, still not working. Thoughts/Suggestions please.

Thanks
  • 1. Re: Unix Auth
    MrBrown Explorer
    Currently Being Moderated
    invalid credentials @ login to the SGD webtop? provide details of


    $ tarantella config list | grep login

    have you restarted the SGD servers?
  • 2. Re: Unix Auth
    SGD_Admin Newbie
    Currently Being Moderated
    restart SGD? for a simple user password change? not optimal and why would it be necessary ?

    login-ad-base-domain: ""
    login-ad-default-domain: ""
    login-ad: 0
    login-anon: 0
    login-atla: 0
    login-autotoken: 0
    login-ens: 1
    login-ldap-thirdparty-ens: 0
    login-ldap-thirdparty-profile: 0
    login-ldap: 0
    login-mapped: 0
    login-nt-domain: ""
    login-nt: 0
    login-securid: 0
    login-thirdparty-ens: 0
    login-thirdparty-nonens: 0
    login-thirdparty-superusers: sgd_trusted_user
    login-thirdparty: 0
    login-unix-group: 1
    login-unix-user: 0
    login-web-tokenvalidity: 180
    login-web-user: ttaserv
    server-login: enabled
  • 3. Re: Unix Auth
    Jeffro Newbie
    Currently Being Moderated
    The account may be locked (disabled) in SGD.

    To check:

    tarantella object list_attributes --name ".../_ens/o=Organization/cn=accountname"

    Look for "enabled: 0" in the output. If it's zero, then the account is locked.

    To re-enable:

    tarantella object edit name ".../_ens/o=Organization/cn=accountname" enabled true
  • 4. Re: Unix Auth
    806512 Newbie
    Currently Being Moderated
    Out of curiosity, you wrote "sgd is still giving invalid credentials" - does this imply the login failure was occurring prior to resetting the password?

    Is this only happening for this single user-id, or are other "unix" users affected?

    Is there a Unix user profile for this user-id? If so, check to make sure the username attribute is mapped to the "right" unix userid. And, as suggested, be sure the account (user profile) is enabled.

    I'd take a look at the logs, especially for any jserver errors that might be getting logged.

    If nothing there, you may try setting a "server/login/*:login.log" logfilter to see if that provides any clues.
  • 5. Re: Unix Auth
    805861 Newbie
    Currently Being Moderated
    Which user password did you reset? Did you reset the user password on the SGD server or the application server? If you reset the user password on the application server, can you try launching the application again by holding down the Shift key to reset the password cache?
  • 6. Re: Unix Auth
    SGD_Admin Newbie
    Currently Being Moderated
    We ended up doing a server restart. Restarting SGD did no clear this issue.

    The account is not locked , and the user can login to the server at the unix lievel ( we have checked ) on the sgd servers without issue.

    The user did have the issue prior to our resetting the password. As far as we know it is this user only at this time.
  • 7. Re: Unix Auth
    SGD_Admin Newbie
    Currently Being Moderated
    Hi all,

    The issue has been found, multiple entries for the same user in the ens...

    Thanks for the hints and tips.
  • 8. Re: Unix Auth
    user359577 Newbie
    Currently Being Moderated
    Hi,

    What do you mean by "in the ens..." ?

    Cheers
  • 9. Re: Unix Auth
    SGD_Admin Newbie
    Currently Being Moderated
    The user was built into the ens two times ..

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points