Topic
  • 4 replies
  • Latest Post - ‏2013-06-13T15:27:33Z by myRational
myRational
myRational
3 Posts

Pinned topic CCRC Logon Failure

‏2013-06-11T20:42:42Z |

Suddenly, users cannot connect to the CM server in CCRC.  We get the following error:

CRVAP0383E Logon failure: unknown user name or bad password.
CRVSV0078E Error from RPC server: CRVSV0841E 'CRVSV0585E Attempted login failed: Unable to login: username or password is incorrect

Unable to login: username or password is incorrect'

CM server is a linux server: Red Hat Enterprise Linux Server release 5.8

ClearCase is v7.1.2.9

This error is NOT due to issues with ccrctemp; everything appears to be in order with this directory.

I do not believe this issue has anything to do with PAM; this has been configured.

It was previously working and now is not.

Internet searches keep referring me to the same issues above which are typically for 7.0.x and older versions.

I suspect something else is wrong, and this is a symptom of the real problem, but at this point I am at a loss.

Anyone have any ideas?

Thanks,

Mike Rago

  • JirongHu
    JirongHu
    687 Posts

    Re: CCRC Logon Failure

    ‏2013-06-11T21:13:23Z  

    Did you see anything at Imgrd.log? Note no domain is required in user id, e.g. not <domain>/id, but id only.

  • myRational
    myRational
    3 Posts

    Re: CCRC Logon Failure

    ‏2013-06-11T22:01:51Z  

    We use ClearCase licensing, not Rational Common Licensing (Flexlm).  No lmgrd.log.

    Domain is not being entered as part ot the login ID.  IDs are being entered correctly.

    I am the CC admin and this behavior is happening to me as well as the users.  It was working previously.  I am not aware of any changes to the server but I am still verifying this.  What changes would prompt this behavior?

  • brcowan
    brcowan
    763 Posts

    Re: CCRC Logon Failure

    ‏2013-06-12T21:01:55Z  

    We use ClearCase licensing, not Rational Common Licensing (Flexlm).  No lmgrd.log.

    Domain is not being entered as part ot the login ID.  IDs are being entered correctly.

    I am the CC admin and this behavior is happening to me as well as the users.  It was working previously.  I am not aware of any changes to the server but I am still verifying this.  What changes would prompt this behavior?

    Well, there are a couple of things to check...

    1. Can you log in via telnet or ssh?
    2. You mentioned that you're using PAM. If you set up a purely local user that only authenticates through the local databases (/etc/passwd & /etc/shadow), can that user log in through CCRC?
    3. Can "root" get in?
  • myRational
    myRational
    3 Posts

    Re: CCRC Logon Failure

    ‏2013-06-13T15:27:33Z  

    Sorry brcowan, I left those important details out.  However, this issue has been resolved.  Here's the whole story.

    All users IDs and pwds were valid and everyone was able to login to the server directly.  No server problems, ClearCase and the CM Server both appeared to be working correctly.  ccrctemp was configured properly.

    These servers have been re-imaged with a new version of the OS and ClearCase, ClearQuest and the CM server.  I installed ClearCase and tested the installation and everything was working fine.  This was several months ago.  All other related work is now complete and we are starting to migrate the applications we support in ClearCase to these servers.  The problem showed itself as the first group of users were migrated to the new servers.

    You could connect to the server in CCRC the first time you tried.  After that, you would get the error in the original post.  After the issue was reported to me, I was able to connect one time and then after that I got the error as well.

    It turned out to be a PAM issue.  In the file /etc/pam.d/system-auth on the CM server, there is one line that needed to be commented out:

    #auth        required      pam_tally.so deny=3

    When this line was not commented out, the error occurred.  With the help of a Rational tech (thanks Pedro!) we were able to track this down.  We compared this file to the same file on our current CM server and discovered this difference.  As soon as I modified this line, things started working.

    The /etc/pam.d/system-auth file is generated.  From the file itself:

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
     

    I have sent an email to our SA to see if this file was regenerated recently and asking how we can ensure that it is generated the way we want if it ever happens again.  I suspect it was regenerated as it was configured properly and everything was working after I installed and tested CC and CM server. Have not heard back from our SA yet.

    After we discovered and fixed the problem, I vaguely remember working with this file to fix authentication issues in the past.  I can't remember if we had a Rational tech involved previously or not.  However, I cannot find anything specifically mentioning modifications to this file in any of the PAM/CC technotes.

    Thanks JirongHu and brcowan for your replies.