Build Forge on HP-UX 11.31
Hi all,
We are trying to get Build Forge running on HP-UX version 11.31, but every time we get a Functional Failure. I tried with the 7.1.1.0 client, and 7.1.1.4 client, both resulting in the same error.
Host: 10.xx.xx.xxx:5555
Agent Version: 7.1.1.4-0-0010
Authentication: root
Platform:
Status: Functional failure
Duration: 4
Does anyone know where to look? I tried changing /etc/pam.conf; but that did not seem to work.
Best Regards,
Frank
" C:\Program Files\IBM\Build Forge>bfservertest pf2eaiodb01 5/7/2010 4:11:44 PM: Services: 5984: CRRBF1381I: Established connection to Build Forge Services.
Got server record for
Test ID is
5/7/2010 4:11:44 PM: ServerTest: 5984: CRRBF0364I: Agent Test initiated for server 'pf2eaiodb01'.
Set cleared store for []
Storing host information for
Agent Connecting...
Storing Agent Version for
cmd ping
username root
encpass 7e6065c96932359a00fb0c0f0abd1c06cbe3196ecd5126292801
go
Sending agent request...
Agent: ]
Agent:
Use of uninitialized value in concatenation (.) or string at bfservertest.pl line 163, <sock> line 5.
Agent: []
5/7/2010 4:11:47 PM: ServerTest: 5984: CRRBF0363I: Agent test completed for server 'pf2eaiodb01', setting error status to 'Y'.
C:\Program Files\IBM\Build Forge> "
We are trying to get Build Forge running on HP-UX version 11.31, but every time we get a Functional Failure. I tried with the 7.1.1.0 client, and 7.1.1.4 client, both resulting in the same error.
Host: 10.xx.xx.xxx:5555
Agent Version: 7.1.1.4-0-0010
Authentication: root
Platform:
Status: Functional failure
Duration: 4
Does anyone know where to look? I tried changing /etc/pam.conf; but that did not seem to work.
Best Regards,
Frank
" C:\Program Files\IBM\Build Forge>bfservertest pf2eaiodb01 5/7/2010 4:11:44 PM: Services: 5984: CRRBF1381I: Established connection to Build Forge Services.
Got server record for
Test ID is
5/7/2010 4:11:44 PM: ServerTest: 5984: CRRBF0364I: Agent Test initiated for server 'pf2eaiodb01'.
Set cleared store for []
Storing host information for
Agent Connecting...
Storing Agent Version for
cmd ping
username root
encpass 7e6065c96932359a00fb0c0f0abd1c06cbe3196ecd5126292801
go
Sending agent request...
Agent: ]
Agent:
Use of uninitialized value in concatenation (.) or string at bfservertest.pl line 163, <sock> line 5.
Agent: []
5/7/2010 4:11:47 PM: ServerTest: 5984: CRRBF0363I: Agent test completed for server 'pf2eaiodb01', setting error status to 'Y'.
C:\Program Files\IBM\Build Forge> "
15 answers
Hi all,
We are trying to get Build Forge running on HP-UX version 11.31, but every time we get a Functional Failure. I tried with the 7.1.1.0 client, and 7.1.1.4 client, both resulting in the same error.
Host: 10.xx.xx.*:5555
Agent Version: 7.1.1.4-0-0010
Authentication: root
Platform:
Status: Functional failure
Duration: 4
Does anyone know where to look? I tried changing /etc/pam.conf; but that did not seem to work.
Best Regards,
Frank
" C:\Program Files\IBM\Build Forge>bfservertest pf2eaiodb01 5/7/2010 4:11:44 PM: Services: 5984: CRRBF1381I: Established connection to Build Forge Services.
Got server record for
Test ID is
5/7/2010 4:11:44 PM: ServerTest: 5984: CRRBF0364I: Agent Test initiated for server 'pf2eaiodb01'.
Set cleared store for []
Storing host information for
Agent Connecting...
Storing Agent Version for
cmd ping
username root
encpass 7e6065c96932359a00fb0c0f0abd1c06cbe3196ecd5126292801
go
Sending agent request...
Agent: ]
Agent:
Use of uninitialized value in concatenation (.) or string at bfservertest.pl line 163, <sock> line 5.
Agent: []
5/7/2010 4:11:47 PM: ServerTest: 5984: CRRBF0363I: Agent test completed for server 'pf2eaiodb01', setting error status to 'Y'.
C:\Program Files\IBM\Build Forge> "
Hi,
It looks like you've pasted the text from a server test. It might make debugging quicker if you directly try to issue these commands from the command line.
telnet localhost 5555
username <user>
password <password>
cmd ping
go
The following message indicates success:
AUTH: set user account to <user>
If the above tests work but jobs are failing, and a test of your server shows a user authentication error, check the pluggable authentication modules (PAM) configuration.
Unfortunately no luck:
# telnet localhost 5555
Trying...
Connected to localhost.
Escape character is '^]'.
200 HELLO - BuildForge Agent v7.1.1.0-0-0022
cmd ping
username root
password *****
go
320 AUTH AuthFail[*AuthUnknownUser,"root"]
251 RESULT 1
260 EOR
go
400 RequestNoCommand
210 GOODBYE - BuildForge Agent v7.1.1.0-0-0022
Connection closed by foreign host.
#
You might try un-remarking the activity_log in bfagent.conf and have that create a log file with some information. Try the test connection again and see if the information logged helps understand the problem. It does seem to be a platform authentication configuration issue though since it's saying that "root" is an unknown user. What do you have in your PAM configuration?
Regards,
Pete
Regards,
Pete
You might try un-remarking the activity_log in bfagent.conf and have that create a log file with some information. Try the test connection again and see if the information logged helps understand the problem. It does seem to be a platform authentication configuration issue though since it's saying that "root" is an unknown user. What do you have in your PAM configuration?
Regards,
Pete
Pete, see below the pam.conf:
# cat /etc/pam.conf
#
# PAM Configuration
#
# Account Management
#
bfagent account required libpam_hpsec.so.1
bfagent account required libpam_unix.so.1
dtaction account required libpam_hpsec.so.1
dtaction account required libpam_unix.so.1
dtlogin account required libpam_hpsec.so.1
dtlogin account required libpam_unix.so.1
ftp account required libpam_hpsec.so.1
ftp account required libpam_unix.so.1
login account required libpam_hpsec.so.1
login account required libpam_unix.so.1
rcomds account required libpam_hpsec.so.1
rcomds account required libpam_unix.so.1
sshd account required libpam_hpsec.so.1
sshd account required libpam_unix.so.1
su account required libpam_hpsec.so.1
su account required libpam_unix.so.1
OTHER account required libpam_hpsec.so.1
OTHER account required libpam_unix.so.1
#
# Authentication Management
#
bfagent auth required libpam_hpsec.so.1
bfagent auth required libpam_unix.so.1
dtaction auth required libpam_hpsec.so.1
dtaction auth required libpam_unix.so.1
dtlogin auth required libpam_hpsec.so.1
dtlogin auth required libpam_unix.so.1
ftp auth required libpam_hpsec.so.1
ftp auth required libpam_unix.so.1
login auth required libpam_hpsec.so.1
login auth required libpam_unix.so.1
rcomds auth required libpam_hpsec.so.1
rcomds auth required libpam_unix.so.1
sshd auth required libpam_hpsec.so.1
sshd auth required libpam_unix.so.1
su auth required libpam_hpsec.so.1 bypass_setaud
su auth required libpam_unix.so.1
OTHER auth required libpam_hpsec.so.1
OTHER auth required libpam_unix.so.1
#
# Password Management
#
dtlogin password required libpam_hpsec.so.1
dtlogin password required libpam_unix.so.1
login password required libpam_hpsec.so.1
login password required libpam_unix.so.1
passwd password required libpam_hpsec.so.1
passwd password required libpam_unix.so.1
sshd password required libpam_hpsec.so.1
sshd password required libpam_unix.so.1
OTHER password required libpam_hpsec.so.1
OTHER password required libpam_unix.so.1
#
# Session Management
#
bfagent session required libpam_hpsec.so.1
bfagent session required libpam_unix.so.1
dtlogin session required libpam_hpsec.so.1
dtlogin session required libpam_unix.so.1
ftp session required libpam_hpsec.so.1 bypass_limit_login bypass_umask bypass_nologin
ftp session required libpam_unix.so.1
login session required libpam_hpsec.so.1
login session required libpam_unix.so.1
rcomds session required libpam_hpsec.so.1 bypass_limit_login
rcomds session required libpam_unix.so.1
sshd session required libpam_hpsec.so.1
sshd session required libpam_unix.so.1
OTHER session required libpam_hpsec.so.1
OTHER session required libpam_unix.so.1
#
I believe we'd need to see the activity_log from the Agent or trace from the OS auth services to determine why it's failing. However, make sure the Agent is running as root so it can use the OS authentication services to auth and switch users. If you don't want to run the Agent as root, there are other alternatives we can explore. Make sure the root password you are using in your server auth is the OS root password, not the BF root password. Also, try a different OS user besides root to see if that works.
Regards,
Pete
Regards,
Pete
Hmm.. not much I see in the activity logs:
On the Telnet connection I type:
And on the activity log it shows:
On the Telnet connection I type:
# telnet XX.XX.XX.XX 5555
Trying...
Connected to XX.XX.XX.XX.
Escape character is '^]'.
200 HELLO - BuildForge Agent v7.1.1.0-0-0022
cmd ping
username root
password ****
go
320 AUTH AuthFail[*AuthUnknownUser,"root"]
251 RESULT 1
260 EOR
cmd ping
username oracle
password ****
go
320 AUTH AuthFail[*AuthUnknownUser,"oracle"]
251 RESULT 1
260 EOR
And on the activity log it shows:
[ 20173] agent.c : 518: tag: cmd
[ 20173] agent.c : 518: tag: username
[ 20173] agent.c : 518: tag: password
[ 20173] agent.c : 417: tag: go
[ 20173] agent.c : 348: agent_process_request
[ 20173] agent.c : 219: agent_process_command cmd=[ping]
[ 20173] agent.c : 116: AUTH normal
[ 20173] pam.c : 70: AUTH using PAM
[ 20173] agent.c : 254: AUTH failed
[ 20173] agent.c : 197: ClobberPasswords
[ 20173] agent.c : 518: tag: cmd
[ 20173] agent.c : 518: tag: username
[ 20173] agent.c : 518: tag: password
[ 20173] agent.c : 417: tag: go
[ 20173] agent.c : 348: agent_process_request
[ 20173] agent.c : 219: agent_process_command cmd=[ping]
[ 20173] agent.c : 116: AUTH normal
[ 20173] pam.c : 70: AUTH using PAM
[ 20173] agent.c : 254: AUTH failed
[ 20173] agent.c : 197: ClobberPasswords
See if you can add "debug" at the end of the "libpam_unix.so.1" module to gather more information. This is a failure authenticating at the OS so that's were we should try to focus debugging. Make sure the user/password you are sending to the agent are OS users not BF users and make sure the Agent is running under the root ID so that it has the authority to authenticate other users. Let me know if the PAM debug flag shows more information.
Regards,
Pete
Regards,
Pete
It looks like we are getting somewhere, the result of the PAM-debug shows the following, any idea how to proceed from here?
Additionally, looking into that folder:
May 27 18:29:16 syslogd: restart
May 27 18:29:41 syslogd: restart
May 27 18:29:55 PAM: pam_start(bfagent root)
May 27 18:29:55 PAM: pam_set_item(1)
May 27 18:29:55 PAM: pam_set_item(2)
May 27 18:29:55 PAM: pam_set_item(5)
May 27 18:29:55 PAM: pam_authenticate()
May 27 18:29:55 PAM: load_modules: /usr/lib/security/libpam_hpsec.so.1
May 27 18:29:55 PAM: open_module: /usr/lib/security/libpam_hpsec.so.1 failed: Error 0 Can't open shared library: /usr/lib/libacps.1
May 27 18:29:55 PAM: load_modules: can not open module /usr/lib/security/libpam_hpsec.so.1
May 27 18:29:55 PAM: pam_authenticate: load_modules failed
May 27 18:29:55 PAM: pam_authenticate: returning 1
May 27 18:29:55 PAM: pam_end(): status = Success
Additionally, looking into that folder:
# pwd
/usr/lib
# find . | grep acp
./hpux32/libacps.so
./hpux32/libacps.so.1
./hpux32/libfmthp_apalacp.so
./hpux32/libfmthp_apalacp.so.1
./nls/msg/C/fmthp_apalacp.cat
./hpux64/libacps.so
./hpux64/libacps.so.1
./security/hpux32/libacpm_hpux_rbac.so
./security/hpux32/libacpm_hpux_rbac.so.1
./security/hpux64/libacpm_hpux_rbac.so
./security/hpux64/libacpm_hpux_rbac.so.1
#
# pwd
/usr
# find . | grep libacps.1
#
page 1of 1 pagesof 2 pages