SEO

Production server rp7410 hp11v2, Test server rp5450 hp11v2 both have
Dec '07 Quality Pack installed. Both up to date on patches. Network
is a Windows Active Directory (AD).

The Test server is a clone of the Production server, and I've been
working with HP support on a couple of sambaclient problems. We have
been using the Test server to try solutions and when we are confident
the changes/patches works on the Test sever I do the same changes on
the Production server.

Before I started to make any changes on the Production server users
could use either their 'network' or their 'unix' (local) passwords
when logging in. However somewhere along the way this stopped working
on the Production server for thoses people that their network and
local unix passwords are different, it still works on the Test server.

syslogs does show this, when some with different passwords ties
network password first:

Mar 12 14:33:02 leto sshd[12931]: while verifying tgt[Unknown code
____ 255]
Mar 12 14:33:02 leto sshd[12931]: [Authentication failed] Password not
valid
Mar 12 14:33:08 leto sshd[12931]: error: PAM: Authentication failed
for User1 from uaxxxx.graceland.edu
Mar 12 14:33:11 leto sshd[12931]: [Authentication failed] Password not
valid
Mar 12 14:33:11 leto sshd[12931]: Accepted password for User1 from
10.125.xx.xx port 4891 ssh2
Mar 12 14:33:11 leto sshd[12931]: Pam Creds are not available


To the best of my knowledge both servers are configured the same for
Kerberos and PAM. I have checked /etc/krb5.conf & /etc/pam.krb5 on
both systems and they are identical. (HP support wanted me to change
which AD server we point to) Changing the file back has no affect.

Besides /etc/krb5.conf what other files might I look at so see if
there is some slight difference between the two servers that Kerberos
uses?

John

Are your clocks synchronized?

jda wrote:
> Production server rp7410 hp11v2, Test server rp5450 hp11v2 both have
> Dec '07 Quality Pack installed. Both up to date on patches. Network
> is a Windows Active Directory (AD).
>
> The Test server is a clone of the Production server, and I've been
> working with HP support on a couple of sambaclient problems. We have
> been using the Test server to try solutions and when we are confident
> the changes/patches works on the Test sever I do the same changes on
> the Production server.
>
> Before I started to make any changes on the Production server users
> could use either their 'network' or their 'unix' (local) passwords
> when logging in. However somewhere along the way this stopped working
> on the Production server for thoses people that their network and
> local unix passwords are different, it still works on the Test server.
>
> syslogs does show this, when some with different passwords ties
> network password first:
>
> Mar 12 14:33:02 leto sshd[12931]: while verifying tgt[Unknown code
> ____ 255]
> Mar 12 14:33:02 leto sshd[12931]: [Authentication failed] Password not
> valid
> Mar 12 14:33:08 leto sshd[12931]: error: PAM: Authentication failed
> for User1 from uaxxxx.graceland.edu
> Mar 12 14:33:11 leto sshd[12931]: [Authentication failed] Password not
> valid
> Mar 12 14:33:11 leto sshd[12931]: Accepted password for User1 from
> 10.125.xx.xx port 4891 ssh2
> Mar 12 14:33:11 leto sshd[12931]: Pam Creds are not available
>
>
> To the best of my knowledge both servers are configured the same for
> Kerberos and PAM. I have checked /etc/krb5.conf & /etc/pam.krb5 on
> both systems and they are identical. (HP support wanted me to change
> which AD server we point to) Changing the file back has no affect.
>
> Besides /etc/krb5.conf what other files might I look at so see if
> there is some slight difference between the two servers that Kerberos
> uses?
>
> John
>

On Mar 12, 2:59*pm, Tom Smith <sm...@cag.zko.hp.com> wrote:
> Are your clocks synchronized?
>

Yes, well within a second or two . The two HPUX servers seem to be
dead on and the windows server 1-2 seconds faster.

John