CMS: CMS Supervisor user could not login and the username locked.

Doc ID    SOLN308102
Version:    4.0
Status:    Published
Published date:    05 Dec 2018
Created Date:    13 Apr 2017
Author:   
Ming Jiang
 

Details


Product: CMS supervisor , R17, R18 Linux
Problem: user cannot login the cms supervisor and emphasize the password is correct.

Prompt up message: Connection to specific CMS server could be established

The server did not recognize your ID and/or password, your login shell is not set to CMS or (V8 or CMS only) cmsadm backup is running.


 

Problem Clarification

Have you ever used the ID/Password? Whether it can login normally before this issue occurred?
We tried 2 user accounts which are also current account, no new account.
They also can login before this issue.

When did user cannot login the CMS supervisor?
They cannot login at 12:00 10/03/2017 by CMS supervisor and issue resumed after around 2:30.
In the same period, they can login cms through putty.

Cause

messages log shows like this:

Mar 10 12:19:00 CMS01 pam_asg[31001]: Login for [cms5] - rhost[pc-12510.smc.local],tty[ssh]
Mar 10 12:19:00 CMS01 asglib[31001]: GetKey, Before calling DecKey: enc->key:#037Mk, enckey:
Mar 10 12:19:00 CMS01 pam_asg[31001]: Login cms5 not an ASG login
Mar 10 12:19:01 CMS01 sshd[31075]: Accepted publickey for root from 172.20.96.147 port 33712 ssh2
Mar 10 12:19:02 CMS01 sshd[31075]: Received disconnect from 172.20.96.147: 11: disconnected by user
Mar 10 12:19:02 CMS01 sshd[31088]: Accepted publickey for root from 172.20.96.147 port 33713 ssh2
Mar 10 12:19:02 CMS01 sshd[30999]: error: PAM: Authentication failure for cms5 from pc-12510.smc.local
Mar 10 12:19:02 CMS01 pam_asg[31091]: Login for [cms5] - rhost[pc-12510.smc.local],tty[ssh]
Mar 10 12:19:02 CMS01 asglib[31091]: GetKey, Before calling DecKey: enc->key:k, enckey:
Mar 10 12:19:02 CMS01 pam_asg[31091]: Login cms5 not an ASG login
Mar 10 12:19:02 CMS01 sshd[30999]: Received disconnect from 172.20.180.118: 13: Unable to authenticate [preauth]
Mar 10 12:19:02 CMS01 sshd[31088]: Received disconnect from 172.20.96.147: 11: disconnected by user
Mar 10 12:19:02 CMS01 sshd[31093]: Accepted publickey for root from 172.20.96.147 port 33714 ssh2
Mar 10 12:19:02 CMS01 sshd[31093]: Received disconnect from 172.20.96.147: 11: disconnected by user
Mar 10 12:19:13 CMS01 pam_asg[31117]: Login for [cms5] - rhost[pc-12510.smc.local],tty[ssh]
Mar 10 12:19:13 CMS01 asglib[31117]: GetKey, Before calling DecKey: enc->key:#037#035¬ enckey:
Mar 10 12:19:13 CMS01 pam_asg[31117]: Login cms5 not an ASG login
Mar 10 12:19:15 CMS01 sshd[31115]: error: PAM: Authentication failure for cms5 from pc-12510.smc.local
Mar 10 12:19:15 CMS01 pam_asg[31142]: Login for [cms5] - rhost[pc-12510.smc.local],tty[ssh]
Mar 10 12:19:15 CMS01 asglib[31142]: GetKey, Before calling DecKey: enc->key:?>¬ enckey:
Mar 10 12:19:15 CMS01 pam_asg[31142]: Login cms5 not an ASG login
Mar 10 12:19:16 CMS01 sshd[31143]:

If user  use the wrong password to login to cms by using CMS supervisor, Avaya supervisor will automatically retry the password for 3 times (this is working by design). Thus after 3 times, by default, Linux system will block this user’s access for 1 minute. And user should retry  after 1 minute. If keep retrying within that 1 minute, the account will be kept locking and renewing its locking period. That is probably why the account authentication always failing during that 5 minutes.

You can see there are 36 matches from Mar 10 12:19:00 to Mar 10 12:24:37 for Login for [cms5] in messages log. The login attempt is very intensive.

Solution

And yes, there are many login attempts from Mar 10 12:19:00 to Mar 10 12:24:37, using cms5 account, there are multiple attempts, more than 10 times at least
once enter the wrong password, please wait at least 1 minutes, then retry on supervisor.

Additional Relevant Phrases

Users cannot login to CMS supervisor

Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy