9 Replies Latest reply on Jan 24, 2013 4:37 PM by SGD_Admin

    Unix Auth

      Hi .. we are on Solaris 10, SGD v 4.62.913 .. when we reset a password in unix, sgd is still giving invalid credentials. We went in and deleted the cached entries for each sgd server, still not working. Thoughts/Suggestions please.

        • 1. Re: Unix Auth
          invalid credentials @ login to the SGD webtop? provide details of

          $ tarantella config list | grep login

          have you restarted the SGD servers?
          • 2. Re: Unix Auth
            restart SGD? for a simple user password change? not optimal and why would it be necessary ?

            login-ad-base-domain: ""
            login-ad-default-domain: ""
            login-ad: 0
            login-anon: 0
            login-atla: 0
            login-autotoken: 0
            login-ens: 1
            login-ldap-thirdparty-ens: 0
            login-ldap-thirdparty-profile: 0
            login-ldap: 0
            login-mapped: 0
            login-nt-domain: ""
            login-nt: 0
            login-securid: 0
            login-thirdparty-ens: 0
            login-thirdparty-nonens: 0
            login-thirdparty-superusers: sgd_trusted_user
            login-thirdparty: 0
            login-unix-group: 1
            login-unix-user: 0
            login-web-tokenvalidity: 180
            login-web-user: ttaserv
            server-login: enabled
            • 3. Re: Unix Auth
              The account may be locked (disabled) in SGD.

              To check:

              tarantella object list_attributes --name ".../_ens/o=Organization/cn=accountname"

              Look for "enabled: 0" in the output. If it's zero, then the account is locked.

              To re-enable:

              tarantella object edit name ".../_ens/o=Organization/cn=accountname" enabled true
              • 4. Re: Unix Auth
                Out of curiosity, you wrote "sgd is still giving invalid credentials" - does this imply the login failure was occurring prior to resetting the password?

                Is this only happening for this single user-id, or are other "unix" users affected?

                Is there a Unix user profile for this user-id? If so, check to make sure the username attribute is mapped to the "right" unix userid. And, as suggested, be sure the account (user profile) is enabled.

                I'd take a look at the logs, especially for any jserver errors that might be getting logged.

                If nothing there, you may try setting a "server/login/*:login.log" logfilter to see if that provides any clues.
                • 5. Re: Unix Auth
                  Which user password did you reset? Did you reset the user password on the SGD server or the application server? If you reset the user password on the application server, can you try launching the application again by holding down the Shift key to reset the password cache?
                  • 6. Re: Unix Auth
                    We ended up doing a server restart. Restarting SGD did no clear this issue.

                    The account is not locked , and the user can login to the server at the unix lievel ( we have checked ) on the sgd servers without issue.

                    The user did have the issue prior to our resetting the password. As far as we know it is this user only at this time.
                    • 7. Re: Unix Auth
                      Hi all,

                      The issue has been found, multiple entries for the same user in the ens...

                      Thanks for the hints and tips.
                      • 8. Re: Unix Auth

                        What do you mean by "in the ens..." ?

                        • 9. Re: Unix Auth
                          The user was built into the ens two times ..