Blocked sasadm@saspw and inability to use other accounts

MichaelMakushev · Posted 06-21-2019 07:38 AM

Faced with the problem of restoring access sasadm account. Most likely it is for some reason blocked (although it is not clear in what sense to understand this statement)
Found the following recovery tips in the community. However, they did not help.

https://communities.sas.com/t5/Administration-and-Deployment/sasadm-saspw/td-p/153594

I added all possible options to the adminUsers.txt file for completeness.
There is no domain controller in the subnet, so they used only a local account.
However, adding to the file did not help:

; This file contains a list of userids that, when connected
; to the SAS Metadata Server, are considered Administrators
; of the server.  Administrators have a number of special 
; privileges including, but not limited to: 
;     creating and deleting users
;     starting, stopping, and pausing the server
;     creating repositories
; 
; Each line of this file contains a single UserID entry.  
; The entries may be in the following forms: 'userid', 
; 'domain\userid', and 'userid@domain'.
; A semicolon at the beginning of a line indicates that the line is 
; not to be processed.
;
;
; sasadm@saspw

MakushevME
MakushevME@sastest
sastest\MakushevME

2019-06-21T12:34:43,875 WARN  [00000122] :sas - New client connection (9) rejected from server port 8561 for user sasadm@saspw. Peer IP address and port are [::***]:61457 for APPNAME=SAS Enterprise Guide.
2019-06-21T12:34:43,882 INFO  [00000122] :sas - Client connection 9 closed.
2019-06-21T12:43:37,278 WARN  [00000124] :sas - Access to this account ("sasadm") is locked out due to excessive log on failures.
2019-06-21T12:43:37,278 WARN  [00000124] :sas - New client connection (10) rejected from server port 8561 for user sasadm@saspw. Peer IP address and port are [::***]:62440 for APPNAME=SASManagementConsole 904300.
2019-06-21T12:43:37,279 INFO  [00000124] :sas - Client connection 10 closed.

In case of using MakushevME, the system claims that it is a public user without access to metadata (the password and login are checked correctly, because if you enter the wrong password, the system will indicate this separately)
In all other cases, the wrong passwords are also indicated, although this is certainly not the case.

alexal · Posted 06-21-2019 08:20 AM

@MichaelMakushev ,

In all other cases, the wrong passwords are also indicated, although this is certainly not the case.

What kind of authentication are you using in sasauth.conf? PW or PAM? Have you had a chance to run PROC PERMTEST for one of those users?

MichaelMakushev · Posted 07-03-2019 06:17 AM

What kind of authentication are you using in sasauth.conf? PW or PAM?

methods=pw

Have you had a chance to run PROC PERMTEST for one of those users?

The trouble is to run this program in SAS Enterprice Guide, you need to connect to it with this account. But this is impossible due to the above problem (account is blocked)
we tried to use sasdemo account
However, in the Management Console, the sasdemo has read-only rights, and in SAS Enterprice Guida I get this error

26         proc permtest;
ERROR: Procedure PERMTEST not found.
27         run;

alexal · Posted 07-03-2019 06:54 AM

@MichaelMakushev ,

You won't be able to use PROC PERMTEST from the SAS Enterprise Guide. You have to start Base SAS as described in that note.

./sas -path ./utilities/src/auth -nodms

MichaelMakushev · Posted 07-03-2019 08:02 AM

The command issues this:

[sas@sastest 9.4]$ ./sas -path ./utilities/src/auth -nodms
NOTE: Copyright (c) 2002-2012 by SAS Institute Inc., Cary, NC, USA.
NOTE: SAS (r) Proprietary Software 9.4 (TS1M3)
      Licensed to ********** - VAAR CAMPAIGN MNGT, Site 70194084.
NOTE: This session is executing on the Linux 3.10.0-327.el7.x86_64 (LIN X64)
      platform.



NOTE: Additional host information:

 Linux LIN X64 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 17:29:29 EDT 2015
      x86_64 Red Hat Enterprise Linux Server release 7.2 (Maipo)

You are running SAS 9. Some SAS 8 files will be automatically converted
by the V9 engine; others are incompatible.  Please see
http://support.sas.com/rnd/migration/planning/platform/64bit.html

PROC MIGRATE will preserve current SAS file attributes and is
recommended for converting all your SAS libraries from any
SAS 8 release to SAS 9.  For details and examples, please see
http://support.sas.com/rnd/migration/index.html


This message is contained in the SAS news file, and is presented upon
initialization.  Edit the file "news" in the "misc/base" directory to
display site-specific news and information in the program log.
The command line option "-nonews" will prevent this display.




NOTE: SAS initialization used:
      real time           0.04 seconds
      cpu time            0.03 seconds

  1?

I found an error in my actions: apparently they forgot to put sasdemo in the sasauth file
We entered Sasdemo now in admin mode and unlocked the recording of the sasadm.

Thank you for your worry

alexal · Posted 07-03-2019 08:11 AM

@MichaelMakushev ,

I'm glad that the problem has been resolved. Do not forget to mark this thread as resolved too.

Blocked sasadm@saspw and inability to use other accounts

Re: Blocked sasadm@saspw and inability to use other accounts

Re: Blocked sasadm@saspw and inability to use other accounts

Re: Blocked sasadm@saspw and inability to use other accounts

Re: Blocked sasadm@saspw and inability to use other accounts

Re: Blocked sasadm@saspw and inability to use other accounts