Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you about how to solve the problem that Oracle users can't su. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

Environment:

Oracle exadata x4-2 computing node only one node can switch to Oracle users through su, other nodes oracle users change passwords many times still can not log in, can not switch to oracle users, can not use oracle users to log in through ssh.

Of the four computing nodes, only one server can connect through oracle users and switch to oracle users through oracle, while the other three computing nodes can not log in and switch.

Native oracle users cannot switch oracle:

Check the user attributes, the oracle users who can log in to the system belong to the wheel group, and exadata disables the local machine for oracle users on x4 environment. If you need to adjust, you can adjust / etc/groups to add oracle users after the wheel group.

Other system oracle users can not log in through ssh, and still can not log in after using root to switch oracle login failure information.

Through the pam_tally2 check, the oracle user is locked out.

PAM (Pluggable Authentication Modules) is an authentication mechanism proposed by Sun. By providing some dynamic link libraries and a set of unified API, it separates the service provided by the system from the authentication mode of the service, so that the system administrator can flexibly configure different authentication methods for different services according to their needs without changing the service program. at the same time, it is also convenient to add new authentication means to the system.

The relevant restrictions are as follows:

/ etc/pam.d/login configuration is restricted only on local text terminals.

/ etc/pam.d/kde calls the time limit system in the kde graphical interface during configuration

Make restrictions on connecting through ssh when configuring in / etc/pam.d/sshd

Any service configured in / etc/pam.d/system-auth that calls the system-auth file will take effect.

View locked user information in the system by executing pam_tally2. If there is no output, there is no user locking in the system.

Oracle user information appears on the system, indicating that the oracle user is locked out. For more information on user lockout policy, please see / etc/pam.d/login configuration.

Unlock it with the following command:

Pam_tally2-r-u oracle

After unlocking, through the pam_tally2 check, the system has no locked users.

The other three computing nodes can be logged in through ssh using oracle users.

The above is the editor for you to share how to solve the problem of Oracle users can not su, if you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.