HP-UX telnet & SSH access denied

Hi,
After restarting the server (HP-UX 11.31 PA RISC) yesterday, NIS users can't telnet / SSH I get: access denied

I have no problem telnet / SSH as root and then su - to NIS user.

Any idea?
questilAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

woolmilkporcCommented:
What do you get with ypwhich and ypwhich -m ?
What is the result of domainname ?
wmp
questilAuthor Commented:
ypwhich, ypwhich -m & domainname provide all the correct info sam on other hosts that we have no problems with.
woolmilkporcCommented:
So ypbind seems basically OK.
How about the home directories? Do the come from remote? Perhaps mounted with wrong permissions? Is automount in use?
Maybe it could help restarting inetd and sshd !

 
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.

questilAuthor Commented:
Home directories are mounted from NFS using automount and we had no problems with it until the restart yesterday, and I can access them if I telnet / ssh as root and then su - NIS user.

I tried to restart (kill -1) the inetd & sshd with no luck...
woolmilkporcCommented:
Once you're logged in as root on the machine, does ssh nisuser@localhost work?
Once you su'ed to nisuser, does ssh localhost work?
If either of the above doesn't work, try ssh -v ... or ssh -vv ... (two v's) to get some debugging info.
Try the same with telnet (use -d instead of -v). What are the results?
If this doesn't yield sufficient info - configure sshd to use syslog, then examine the logfile, or start telnet with the "-n tracefile" option.
wmp
 
questilAuthor Commented:
Thanks woolmilkporc!
I restarted the server as part of SRP (secure resource partitions) post installation, and from root when i tried to telnet / ssh nis user@localhos i got:
Compartment access check failed: User is not authorized to login to the compartment associated with this network service.

so it's the SRP effected the system... do you know by any chance what I need to configure to fix it?
woolmilkporcCommented:
OK, that's not really my cup of tea, but as far as I see you need to assign the group your NIS users are in to the correct RBAC role.
This can be done using "srp", like
srp -r compartment_name -s login -login_group=groupname
or maybe with RBAC's roleadm
roleadm assign &groupname SRPlogin-compartment_name
If this has already been done - could it be that the NIS "group" maps are missing ("group.byname", "group.bygid")?
The above are just wild guesses, because I never worked with SRP.
Here is the SRP Admin Guide - http://docs.hp.com/en/5992-4679/5992-4679.pdf
Good luck!
wmp

 

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.