BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
Manoj07k
Obsidian | Level 7

 

We just upgraded our PROD servers from SAS 94M4 to M6 and we’re facing two issues while doing initial test.

 

  1. Users are not able to login to SAS Applications i.e. SMC ,EG and Eminer using user ID and Pwd but they could login via IWA.
  2. SAS Cache Locator Service ins_41415 services are not coming up in both on Compute node and Mid-Tier.

Could you please help to resovle this issue.

1 ACCEPTED SOLUTION

Accepted Solutions
alexal
SAS Employee

@Manoj07k ,

 

You are welcome. I'm glad that the problem has been resolved.

View solution in original post

4 REPLIES 4
alexal
SAS Employee

@Manoj07k ,

Users are not able to login to SAS Applications i.e. SMC ,EG and Eminer using user ID and Pwd but they could login via IWA.

First of all, enable sasauth-debug as described in a document below. Restart both metadata server and object spawner and repeat a problem. Show me sasauth-debug log and if you are using PAM authentication, show me the output from a command below:

sudo grep sasauth /var/log/secure

How to enable sasauth-debug?

 

http://support.sas.com/kb/39/891.html

Manoj07k
Obsidian | Level 7

20190622-13:54:48 Not showing passwords in log.
20190622-13:54:48 sasauth: Process:9341  Started by: 4816
20190622-13:54:48 sasauth: buildVersion=v940m6
20190622-13:54:48 Config: program sasauth
20190622-13:54:48 Config: methods pw
20190622-13:54:48 Config: debugLog /tmp/sasauth-debug.log
20190622-13:54:48 Config: accessLog /tmp/sasauth-access.log
20190622-13:54:48 Config: errorLog /tmp/sasauth-error.log
20190622-13:54:48 Config: logOwner 36960
20190622-13:54:48 Config: debugNoPasswords true
20190622-13:54:48 Config: maxtries 5
20190622-13:54:48 Config: maxtriesPeriod 60
20190622-13:54:48 Config: maxtriesWait 300
20190622-13:54:48 Config: LDAP_AUTH_METHOD BIND
20190622-13:54:48 Config: LDAP_HOST_LIST host1 host2:3000
20190622-13:54:48 Config: LDAP_BIND_SECURITY simple
20190622-13:54:48 Config: LDAP_DN_SEARCH_ATTR uid
20190622-13:54:48 Config: LDAP_GROUP_METHOD USER
20190622-13:54:48 Config: LDAP_GROUP_USE_DN FALSE
20190622-13:54:48 Config: LDAP_SEARCHBASE DC=MYGROUP,DC=MYCOMPANY,DC=COM
20190622-13:54:48 Config: LDAP_USERBASE ou=People
20190622-13:54:48 Config: LDAP_DOMAIN_FORMAT DOMAIN_AFTER_USERBASE
20190622-13:54:48 Config: LDAP_SCHEMA RFC2307
20190622-13:54:48 Config: LDAP_USERNAME_ATTRIBUTE username
20190622-13:54:48 Config: LDAP_UID_ATTRIBUTE uid
20190622-13:54:48 Config: LDAP_GID_ATTRIBUTE gid
20190622-13:54:48 Config: LDAP_PASSWD_ATTRIBUTE password
20190622-13:54:48 Config: LDAP_LASTCHANGE_ATTRIBUTE lastchange
20190622-13:54:48 Config: LDAP_MAXAGE_ATTRIBUTE maxage
20190622-13:54:48 Config: LDAP_ACCTEXPIRE_ATTRIBUTE expire
20190622-13:54:48 Config: LDAP_GROUPS_ATTRIBUTE groups
20190622-13:54:48 Config: LDAP_GROUP_GID_ATTRIBUTE gid
20190622-13:54:48 Config: LDAP_GROUP_MEMBER_ATTRIBUTE member
20190622-13:54:48 Config: LDAP_RFC2307_USERNAME uid
20190622-13:54:48 Config: LDAP_RFC2307_UID uidnumber
20190622-13:54:48 Config: LDAP_RFC2307_GID gidnumber
20190622-13:54:48 Config: LDAP_RFC2307_PASSWD userpassword
20190622-13:54:48 Config: LDAP_RFC2307_LASTCHANGE shadowLastChange
20190622-13:54:48 Config: LDAP_RFC2307_MAXAGE shadowMax
20190622-13:54:48 Config: LDAP_RFC2307_ACCTEXPIRE shadowExpire
20190622-13:54:48 Config: LDAP_RFC2307_GROUPS group
20190622-13:54:48 Config: LDAP_RFC2307_GROUP_GID gidNumber
20190622-13:54:48 Config: LDAP_RFC2307_GROUP_MEMBER memberUid
20190622-13:54:48 Config: LDAP_AD2_USERNAME msSFUName
20190622-13:54:48 Config: LDAP_AD2_UID UidNumber
20190622-13:54:48 Config: LDAP_AD2_GID GidNumber
20190622-13:54:48 Config: LDAP_AD2_PASSWD msSFUPassword
20190622-13:54:48 Config: LDAP_AD2_LASTCHANGE ShadowLastChange
20190622-13:54:48 Config: LDAP_AD2_MAXAGE ShadowMax
20190622-13:54:48 Config: LDAP_AD2_ACCTEXPIRE ShadowExpire
20190622-13:54:48 Config: LDAP_AD2_GROUPS group
20190622-13:54:48 Config: LDAP_AD2_GROUP_GID GidNumber
20190622-13:54:48 Config: LDAP_AD2_GROUP_MEMBER MemberUid
20190622-13:54:48 Config: LDAP_AD3_USERNAME msSFU30Name
20190622-13:54:48 Config: LDAP_AD3_UID msSFU30UidNumber
20190622-13:54:48 Config: LDAP_AD3_GID msSFU30GidNumber
20190622-13:54:48 Config: LDAP_AD3_PASSWD msSFU30Password
20190622-13:54:48 Config: LDAP_AD3_LASTCHANGE msSFU30ShadowLastChange
20190622-13:54:48 Config: LDAP_AD3_MAXAGE msSFU30ShadowMax
20190622-13:54:48 Config: LDAP_AD3_ACCTEXPIRE msSFU30ShadowExpire
20190622-13:54:48 Config: LDAP_AD3_GROUPS group
20190622-13:54:48 Config: LDAP_AD3_GROUP_GID msSFU30GidNumber
20190622-13:54:48 Config: LDAP_AD3_GROUP_MEMBER msSFU30PosixMember
20190622-13:54:48 Adding auth method pw
20190622-13:54:48 pw: buildVersion=v940m6
20190622-13:54:48 Initializing pw
20190622-13:54:48 Initialized 1 methods.
20190622-13:54:48 Loading method gss from /sanpfs-sasinstall/xxxxxxxxxxx/sashome/metadata_binaries/SASFoundation/9.4/utilities/bin/authgss.so
20190622-13:54:48 Using standard unixGetGroups for method gss
20190622-13:54:48 gss: buildVersion=v940m6
20190622-13:54:48 Initializing gss
20190622-13:54:48 gssInit PROGRAM_NAME: sasauth
20190622-13:54:48 Attempting to load GSSAPI library: libvas-gssapi.so
20190622-13:54:48 Attempting to load GSSAPI library: /opt/quest/lib64/libvas-gssapi.so
20190622-13:54:48 Attempting to load GSSAPI library: libgssapi_krb5.so.2
20190622-13:54:48 Using maxtries: 5
20190622-13:54:48 Using maxtries period: 60
20190622-13:54:48 Using maxtries wait: 300
20190622-13:54:48 Authenticating user mkanniap via pw
20190622-13:54:48 pwAuthenticate [ENTER]: username:<mkanniap>
20190622-13:54:48 Authenticating user mkanniap via password database
20190622-13:54:48 Using crypt()/bigcrypt()/crypt16() encryption.
20190622-13:54:48 crypt did not match. Trying SSHA encryption.
20190622-13:54:48 SSHA authenticating user credentials.
20190622-13:54:48 Password not valid for SSHA.
20190622-13:54:48 passwords did not match via SSHA.
20190622-13:54:48 pwAuthenticate [EXIT]: username:<mkanniap> rc:<0x5>
20190622-13:54:48 User mkanniap did not authenticate. Reason: 'Password mismatch.' (pw)
20190622-13:54:48 Request failed: 'Password mismatch.'
20190622-13:55:02 Authenticating user mkanniap via pw
20190622-13:55:02 pwAuthenticate [ENTER]: username:<mkanniap>
20190622-13:55:02 Authenticating user mkanniap via password database
20190622-13:55:02 Using crypt()/bigcrypt()/crypt16() encryption.
20190622-13:55:02 crypt did not match. Trying SSHA encryption.
20190622-13:55:02 SSHA authenticating user credentials.
20190622-13:55:02 Password not valid for SSHA.
20190622-13:55:02 passwords did not match via SSHA.
20190622-13:55:02 pwAuthenticate [EXIT]: username:<mkanniap> rc:<0x5>
20190622-13:55:02 User mkanniap did not authenticate. Reason: 'Password mismatch.' (pw)
20190622-13:55:02 Request failed: 'Password mismatch.'
20190622-13:58:47 Authenticating user ordatta via pw
20190622-13:58:47 pwAuthenticate [ENTER]: username:<ordatta>
20190622-13:58:47 Authenticating user ordatta via password database
20190622-13:58:47 Using crypt()/bigcrypt()/crypt16() encryption.
20190622-13:58:47 crypt did not match. Trying SSHA encryption.
20190622-13:58:47 SSHA authenticating user credentials.
20190622-13:58:47 Password not valid for SSHA.
20190622-13:58:47 passwords did not match via SSHA.
20190622-13:58:47 pwAuthenticate [EXIT]: username:<ordatta> rc:<0x5>
20190622-13:58:47 User ordatta did not authenticate. Reason: 'Password mismatch.' (pw)
20190622-13:58:47 Request failed: 'Password mismatch.'
20190622-13:59:07 Authenticating user ordatta via pw
20190622-13:59:07 pwAuthenticate [ENTER]: username:<ordatta>
20190622-13:59:07 Authenticating user ordatta via password database
20190622-13:59:07 Using crypt()/bigcrypt()/crypt16() encryption.
20190622-13:59:07 crypt did not match. Trying SSHA encryption.
20190622-13:59:07 SSHA authenticating user credentials.
20190622-13:59:07 Password not valid for SSHA.
20190622-13:59:07 passwords did not match via SSHA.
20190622-13:59:07 pwAuthenticate [EXIT]: username:<ordatta> rc:<0x5>
20190622-13:59:07 User ordatta did not authenticate. Reason: 'Password mismatch.' (pw)
20190622-13:59:07 Request failed: 'Password mismatch.'

 

No new error with below comamnd :

sudo grep -i sasauth /var/log/secure 

 

But below are the errors present previous to the upgrade.

 

Jun 21 21:59:32 sl73caexx sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=rsaorim

Jun 21 21:59:32 sl73caexxx sasauth: pam_sss(sasauth:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=rsaorim

Jun 21 21:59:33 sl73caexxx sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=rsaorim

Jun 21 21:59:33 sl73caexxx sasauth: pam_sss(sasauth:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=rsaorim

Jun 21 22:04:31 sl73caexxx sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=rsaorim

Jun 21 22:04:31 sl73caexxx sasauth: pam_sss(sasauth:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=rsaorim

Jun 21 22:10:34 sl73caexxx sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=anzhang

Jun 21 22:10:34 sl73caexxx sasauth: pam_sss(sasauth:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=anzhang

Manoj07k
Obsidian | Level 7
Issue is resolved after changing sasauth.conf in metadat binaries by changing method=pw to method=pam .

Thanks alexal for your support.
alexal
SAS Employee

@Manoj07k ,

 

You are welcome. I'm glad that the problem has been resolved.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • 2278 views
  • 0 likes
  • 2 in conversation