Architecting, installing and maintaining your SAS environment

EG Connection Linux sas server

Accepted Solution Solved
Reply
Contributor
Posts: 33
Accepted Solution

EG Connection Linux sas server

While connecting to SAS server, repeatedly getting prompted for credentials.

 

work is 777

proc perm test is successful (after enabling PAM)

Metadata log shows the user connection rejected, Access denied, the same user could conduct a successful proc permtest.  The debug and auth logs show pam engaging and user authenticated.  

Object spawner re-started

sasauth-debug:

"Authenticated user xxxxxx (pam)."

sasauth-access

"Authenticated user xxxxxx (pam)."

 

Since I do not see the xxxxxx in objct spawner log, I am testing if firewall not an issue and could ping on ports from xxxxx desktop

 

Meanwhile, any and all insights are more than welcome!


Accepted Solutions
Solution
a month ago
Contributor
Posts: 33

Re: EG Connection Linux sas server

Update:

1. We enabled debugging for metadata log which showed

TRACE [13145048] :sas - Unix OS auth provider called for user rfranklin
2018-05-23T10:40:44,555 INFO [13145048] :sas - Access denied.
2018-05-23T10:40:44,555 TRACE [13145048] :sas - bkAuthenticate failed 80BFD100
2018-05-23T10:40:44,556 DEBUG [13145048] :sas - Provider failed: 80bfd100

 

We checked 

/var/log/secure for any possible /etc/pam.d config file corruption (all ok)

sasauth.conf review (ok)

Looked in AD, no group based limitation and testing IDs were all good and what we expected

 

Light bulb: When we enabled PAM based authentication, we did not restart the metadata ... sigh!  (Just like my professor said, before diving in, look whether the machine is plugged in :-) )

 

The authentication is working properly, life is good.

 

Thank you to all friends who gave their time and shared their knowledge, it is much appreciated!

View solution in original post


All Replies
Super User
Posts: 9,886

Re: EG Connection Linux sas server

[ Edited ]

Could it be that the password has expired? Or that the account has exceeded the failed login count?

---------------------------------------------------------------------------------------------
Maxims of Maximally Efficient SAS Programmers
How to convert datasets to data steps
How to post code
Contributor
Posts: 33

Re: EG Connection Linux sas server

Posted in reply to KurtBremser

Thank you Kurt, this is on Linux and user has had successful login and proc permtest.  I am going to do inttech tests plus turn on metadata debug, 

Super User
Posts: 3,857

Re: EG Connection Linux sas server

This sounds like a problem better suited to SAS Tech Support - raise a track if you haven't already.

SAS Employee
Posts: 61

Re: EG Connection Linux sas server

Does the user have a home directory? If authentication is successful but the workspace is not starting then failure to allocate the SASUSER library because the home directory doesn't exist is something I see from time to time.

Contributor
Posts: 33

Re: EG Connection Linux sas server

Posted in reply to SimonDawson

Hello Simon, the workspace server was connected to using the intech utility and work is 777.  One test user was successful and yes the /home/user is present same user had successful workspace server access test. 

 

While doing metadata connection test (intech utility) received this: "

Access denied.

 

When creating a connection to an IOM server, this error is typically caused by entering an invalid user name or password.  To correct this problem, verify that the user name and password you have entered are valid on the machine where your IOM server is running.  You may also need to qualify your user name with a valid domain if you are connecting to an IOM server running on a Windows domain.

                               

Other possible causes for this error are the user's password has expired, the user must change their password on the next login, or the user account is disabled."

 

However, wrong ID/PWD is not an issue, we ensured no fat fingering either.

 

I will turn on debug on Meta and see, it is puzzling since PAM and proc perm test are all authenticating.  I will check again for the third time if the user registry in meta is correct too...

Solution
a month ago
Contributor
Posts: 33

Re: EG Connection Linux sas server

Update:

1. We enabled debugging for metadata log which showed

TRACE [13145048] :sas - Unix OS auth provider called for user rfranklin
2018-05-23T10:40:44,555 INFO [13145048] :sas - Access denied.
2018-05-23T10:40:44,555 TRACE [13145048] :sas - bkAuthenticate failed 80BFD100
2018-05-23T10:40:44,556 DEBUG [13145048] :sas - Provider failed: 80bfd100

 

We checked 

/var/log/secure for any possible /etc/pam.d config file corruption (all ok)

sasauth.conf review (ok)

Looked in AD, no group based limitation and testing IDs were all good and what we expected

 

Light bulb: When we enabled PAM based authentication, we did not restart the metadata ... sigh!  (Just like my professor said, before diving in, look whether the machine is plugged in :-) )

 

The authentication is working properly, life is good.

 

Thank you to all friends who gave their time and shared their knowledge, it is much appreciated!

☑ This topic is solved.

Need further help from the community? Please ask a new question.

Discussion stats
  • 6 replies
  • 316 views
  • 0 likes
  • 4 in conversation