Posts tagged ‘users’

We want to know how AIX will work with duplicated users and groups in the BUILTIN and LDAP databases.

In Linux, with NSS, the OS follows the rules defined in /etc/nsswitch.conf and merges the credentials. If two user entries have the same name and different IDs, or vice versa, it takes the first one. But AIX is different.


Service users in AIX.

Published: April 23, 2010 in aix, fast-tip

When this error appears:

Apr 23 08:43:41 myhost auth|security:info sshd[737348]: Login restricted for randomuser: There have been too many unsuccessful login attempts; please see \tthe system administrator.
Apr 23 08:43:41 myhost auth|security:info sshd[737348]: Failed none for invalid user randomuser from port 21693 ssh2

It happens because the number of failed authentication attempts has been exceeded. You can check the maximum (loginretries) and the current count (unsuccessful_login_count):

lsuser -a loginretries -a unsuccessful_login_count randomuser

To change it:

chuser unsuccessful_login_count=0 randomuser

Or update the file where the counter is stored with:

chsec -f /etc/security/lastlog -a "unsuccessful_login_count=0" -s randomuser

If the user is a system account and must not be locked, we change these attributes so that it never gets locked (see “man chuser” for more info):

admin=true # The user is an administrator. Only the root user can change the attributes of users defined as administrators.
expires=0 # expiration date of the account. =0, the account does not expire
maxage=0 # the maximum age of a password. =0, no maximum age.
maxexpired=-1 # maximum time a user can change an expired password.
minage=0 # the minimum age of a password. =0, no minimum age.
loginretries=-1 # Defines the number of unsuccessful login attempts allowed

chuser admin=true expires=0 maxage=0 maxexpired=-1 minage=0 loginretries=-1 randomuser
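
Since loginretries=-1 removes the lockout entirely, it helps to keep track of which accounts carry that setting. The following is an added example, not part of the original post: a POSIX shell function that reads lsuser-style output and reports accounts with no retry limit and accounts whose failure counter has reached the limit. The function name, the NOLIMIT/ATLIMIT labels and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Input format assumed: one account per line, "name attr=value attr=value",
# as printed on AIX by:
#   lsuser -a loginretries unsuccessful_login_count ALL

# Constructed sample data so the script runs offline.
sample_lsuser() {
cat <<'EOF'
root loginretries=0 unsuccessful_login_count=0
randomuser loginretries=-1 unsuccessful_login_count=12
alice loginretries=5 unsuccessful_login_count=5
bob loginretries=5 unsuccessful_login_count=1
svcbackup loginretries=3
EOF
}

# audit_lockout (hypothetical name): reads lsuser-style lines on stdin.
#   NOLIMIT user ...  loginretries is zero or negative, so no lockout applies
#   ATLIMIT user ...  failure counter has reached or passed loginretries
audit_lockout() {
  awk '
  {
    user = $1; retries = ""; fails = 0
    for (i = 2; i <= NF; i++) {
      split($i, kv, "=")
      if (kv[1] == "loginretries") retries = kv[2]
      else if (kv[1] == "unsuccessful_login_count") fails = kv[2]
    }
    # Attribute not reported for this account: nothing to evaluate.
    if (retries == "") next
    # A missing unsuccessful_login_count is treated as 0 (assumption).
    if (retries + 0 <= 0)
      print "NOLIMIT " user " failures=" fails
    else if (fails + 0 >= retries + 0)
      print "ATLIMIT " user " failures=" fails "/" retries
  }'
}

# Stand-alone run on the constructed sample.
sample_lsuser | audit_lockout
```

On a real system, pipe the lsuser command from the header comment into audit_lockout instead of the sample. A NOLIMIT line with a growing failure count (randomuser in the sample) is the case to review, because nothing stops repeated password guessing against that account.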