Troubleshooting

This section describes how to resolve problems you might encounter while attempting to log in.

Solving Login Problems

There are several reasons why an attempt to log in can fail. If you are denied access to a computer:

  • Verify that the computer you are trying to log in to has access to an Active Directory domain controller. If an Active Directory domain controller is not available or the local computer is not a member of an Active Directory domain, you might be prevented from logging in because the agent cannot verify that you have authority to access the computer.

  • Verify that you have a complete UNIX identity profile.

  • Verify that you have been issued at least one role with a right that allows you to log in using a standard shell or a restricted shell.

    If you have access only to a restricted shell, you can only execute explicitly defined commands.

    If you have a UNIX profile, but cannot log in to your terminal, you may have been assigned the listed or local listed role. These roles allow your profile to be visible in a zone, but do not grant any access rights.

    After the agent has been installed, you must have a role assigned to your account that gives you log in privileges. If an attempt to log in fails, contact your Active Directory administrator or help desk to determine the roles you have been assigned, the type of access your roles grant, and any limitations associated with your role assignment. For example, roles can have time constraints with specific periods of availability. If you attempt to log in, but the role is not available at the time you attempt to log in, you will be denied access.

Check your Rights and Roles using dzinfo

You can use the dzinfo command to view detailed information about your rights, roles, and role assignments. The dzinfo command allows you to view and capture the output from the command in a single window.

For example, if you are a user named billy in a zone called KHeadquarters, you would type:

dzinfo billy

The output would look similar to the following:

User: billy

Forced into restricted environment: No

Role Name Avail Restricted Env

--------------- ----- --------------

AdminRole Yes Admin

/KHeadquarters /KHeadquarters

Windows Yes Windows

Login/KHeadquar Login/KHeadqua

ters rters

ControlPanelAdm Yes ControlPanelAd

in/KHeadquarter min/KHeadquart

s ers

UNIX Yes None

Login/KHeadquar

ters

Windows Yes Windows

Login/KHeadquar Login/KHeadqua

ters rters

UNIX Yes None

Login/KHeadquarters

 

Effective rights:

Password login

Non password login

Allow normal shell

Audit level:

AuditIfPossible

Always permit login:

true

PAM Application Avail Source Roles

--------------- ----- --------------------

graphical Yes AdminRole/KHea

desktop dquarters

ftp Yes AdminRole/KHea

dquarters

telnet Yes AdminAdminRole/KHea

dquarters

sshd Yes AdminRole/KHea

dquarters

ssh Yes AdminRole/KHea

dquarters

* Yes UNIX

Login/KHeadquarters

SSH Rights Avail Source Roles

--------------- ----- --------------------

dzssh-sftp Yes AdminRole/KHea

dquarters

dzssh-scp Yes AdminRole/KHea

dquarters

dzssh-exec Yes AdminRole/KHea

dquarters

dzssh-shell Yes AdminRole/KHea

dquarters

dzssh-* Yes AdminRole/KHea

dquarters

 

Privileged commands:

Name Avail Command Source Roles

--------------- ----- --------- --------------------

dz_info/KHeadqu Yes dzinfo AdminRole/KHea

arters dquarters

emergency_acess Yes su - root AdminRole/KHea

/KHeadquarters dquarters

emergency_acess Yes su - root UNIX

/KHeadquarters Login/KHeadquarters

emergency_acess Yes su - root Windows

/KHeadquarters Login/KHeadquarters

 

Commands in restricted environment:

Name Avail Command Run As

--------------- ----- --------- ----------

emergency_acess Yes su - root self

/KHeadquarters

 

Commands in restricted environment:

ControlPanelAdmin/KHeadquarters

Name Avail Command Run As

--------------- ----- -------- ----------

(no commands have been configured for

ControlPanelAdmin/KHeadquarters)

 

Commands in restricted environment:

AdminRole/KHeadquarters

Name Avail Command Run As

--------------- ----- --------- ----------

dz_info/KHeadqu Yes dzinfo self

arters

emergency_acess Yes su - root self

/KHeadquarters

 

Commands in restricted environment:

Windows Login/KHeadquarters

Name Avail Command Run As

--------------- ----- ---------- ----------

emergency_acess Yes su - root self

/KHeadquarters