root can not change passwords in smit 1

[june54]

Has anyone experience not being able to use smit to change passwords ... When I select passwords the entry field does not appear ..Anyone have any idea what is happening .I have compared it to our other systems everything looks normal ..

 

[screwloose]

Are you going smitty:

Security & Users/Passwords

and the next screen doesn't appear for Change and Change/Show?

If so, have you recently applied a ML, PTF, or APAR?

 

[june54]

Thanks for responding .........No ML,APARS or PTF done .... we are 5.1.4 ..

 

[sbix]

what says a:
ls -l /etc/passwd
ls -l /etc/group

 

[june54]

SBIX
Both files were own by security white mod of rw-r-r ...

Below is the change I made ... tried smit again no change ...

-rw-rw-r-- 1 root system 3168 Jul 21 07:27 /etc/passwd

-rw-rw-r-- 1 root system 1210 Jul 22 08:25 /etc/group

 

[d3vzero]

Hi June,

What response do you get using the shortpath ?

eg. smitty passwd

____________________
Sometimes it pays to stay in bed on Monday, rather than spending the rest of the week debuging Mondays code.

 

[june54]

SAME this one is weird ,,,,,,,,,,,,,

 

[d3vzero]

Sometimes error messages in smitty cant be seen due to the screen clearing.

Try unsetting your TERM var, and re-running the shortpath.

unset TERM
smitty passwd

This will allow you to see any smitty output prior to the screen clear.

Note that you will have to use something like ESC 0 (Escape Zero) to exit out of smitty ... if you actually gain access to the screen that is ... ;-)

____________________
Sometimes it pays to stay in bed on Monday, rather than spending the rest of the week debuging Mondays code.

 

[june54]

data ...Change a User's Password

Type or select values in entry fields.
Press Enter AFTER making all desired changes.

[Entry Fields]



This is the out put from the unset TERM

 

[d3vzero]

A little more detective work

I would run smitty in Debug mode (smitty -D), and have a look at the tail end contents of the smit.log file.

You would normally see something like this.

----entering smit_dialog (passwd, #
, 1)

asl_max_line: mallocting 20 bytes
asl_max_line: string = Processing data ...


+ asl_getch(): character = fffffffe (hex), 37777777776 (octal)

+ asl_getch(): character = fffffffe (hex), 37777777776 (octal)

    Object class: sm_cmd_hdr,
        id   = "passwd", option_id = "passwd",
        name = "Change a User's Password"

(Dialogue screen selected,
	FastPath    = "passwd",
	id          = "passwd",
	title       = "Change a User's Password".)

    Object class: sm_cmd_opt,
        id   = "passwd", id_seq_num = "01",
        name = "User NAME"

asl_max_line: mallocting 10 bytes
asl_max_line: string = User NAME


asl_max_line: mallocting 25 bytes
asl_max_line: string = Change a User's Password


+ asl_getch(): character = fffffffe (hex), 37777777776 (octal)

+ asl_getch(): character = 18a (hex), 612 (octal)

+ asl_getch(): character = fffffffe (hex), 37777777776 (octal)

See how your output compares.

I would also run lppchk (-l, -f and -c) to verify your system.

____________________
Sometimes it pays to stay in bed on Monday, rather than spending the rest of the week debuging Mondays code.

 

[june54]

Here is my smitty -D .............

asl_max_line: mallocting 20 bytes
asl_max_line: string = Processing data ...


+ asl_getch(): character = fffffffe (hex), 37777777776 (octal)

+ asl_getch(): character = fffffffe (hex), 37777777776 (octal)

Object class: sm_cmd_hdr,
id = "passwd", option_id = "passwd",
name = "Change a User's Password"

(Dialogue screen selected,
FastPath = "passwd",
id = "passwd",
title = "Change a User's Password".)

asl_max_line: mallocting 25 bytes
asl_max_line: string = Change a User's Password


asl_max_line: mallocting 25 bytes
asl_max_line: string = Change a User's Password


asl_max_line: mallocting 25 bytes
asl_max_line: string = Change a User's Password


asl_max_line: mallocting 25 bytes
asl_max_line: string = Change a User's Password


asl_max_line: mallocting 25 bytes
asl_max_line: string = Change a User's Password


+ asl_getch(): character = fffffffe (hex), 37777777776 (octal)

+ asl_getch(): character = 183 (hex), 603 (octal)

+ asl_getch(): character = fffffffe (hex), 37777777776 (octal)

asl_max_line: mallocting 25 bytes
asl_max_line: string = Change a User's Password


asl_max_line: mallocting 45 bytes
asl_max_line: string = Change / Show Password Attributes for a User


asl_max_line: mallocting 10 bytes
asl_max_line: string = Passwords


+ asl_getch(): character = fffffffe (hex), 37777777776 (octal)

+ asl_getch(): character = 183 (hex), 603 (octal)

+ asl_getch(): character = fffffffe (hex), 37777777776 (octal)

1 asl_screen() returned action/index = 0 / 1

asl_max_line: mallocting 6 bytes
asl_max_line: string = Users


asl_max_line: mallocting 7 bytes
asl_max_line: string = Groups


asl_max_line: mallocting 10 bytes
asl_max_line: string = Passwords


asl_max_line: mallocting 15 bytes
asl_max_line: string = Login Controls


asl_max_line: mallocting 6 bytes
asl_max_line: string = Roles


asl_max_line: mallocting 17 bytes
asl_max_line: string = Security & Users


+ asl_getch(): character = fffffffe (hex), 37777777776 (octal)
0 ( 24, 17) FDX

+ asl_getch(): character = 183 (hex), 603 (octal)

+ asl_getch(): character = fffffffe (hex), 37777777776 (octal)

1 asl_screen() returned action/index = 0 / 3





There are some differences ..........

 

[d3vzero]

Does not look good.

I suspect an ODM issue.

Perform the following.

odmget -q "id='passwd'" sm_cmd_opt

You should see something like this.

sm_cmd_opt:
        id_seq_num = "01"
        id = "passwd"
        disc_field_name = ""
        name = "User NAME"
        name_msg_file = "smit.cat"
        name_msg_set = 3
        name_msg_id = 3
        op_type = "l"
        entry_type = "t"
        entry_size = 0
        required = "n"
        prefix = ""
        cmd_to_list_mode = ""
        cmd_to_list = "lsuser -a ALL"
        cmd_to_list_postfix = ""
        multi_select = "n"
        value_index = 0
        disp_values = ""
        values_msg_file = ""
        values_msg_set = 0
        values_msg_id = 0
        aix_values = ""
        help_msg_id = "3004091"
        help_msg_loc = ""
        help_msg_base = ""
        help_msg_book = ""

If you get nothing back, it means the required entry has been removed from the ODM.

If the required entry is there, then also confirm that the /usr/lib/nls/msg/en_US/smit.cat file exists, is of a resonable size (approx 176k), and has not been modified reciently.

If its an ODM issue, you could fix it with an odmput (using the above as input), but if the integrity of the ODM is brought into question, you may be better served by de-installing SMIT and re-installing it.

Hope this has helped somewhat.

BRgds.

____________________
Sometimes it pays to stay in bed on Monday, rather than spending the rest of the week debuging Mondays code.

 

[june54]

Thanks for your help ...... I will let you know the outcome
Take care ...........

 

[june54]

Nothing comes back ...... How do you de-install smit and re-install .. Will this require a reboot of the box ......

 

[d3vzero]

Ouch :-(

Just checked, and bos.rte is responsible for the ODM definitions file.

There is no way your de-installing that.

I'm thinking that you might be able to either re-apply bos.rte using your current software levels, or try upgrading to ML06, and hope it updates bos.rte.

Either way will involve downtime on the box. :-(

What level of bos.rte do you show ?

lslpp -l bos.rte

I'm kind of suprised (though really I shouldnt be) that the lppchk system verifys did'nt highlight anything.

PS. Hope this aint a Live System ;-)

____________________
Sometimes it pays to stay in bed on Monday, rather than spending the rest of the week debuging Mondays code.

 

[june54]

Were are at ML04 and yes it is "big time live " its our production system ......... We have ML05 and ML06 onsite ..
Getiing downtime is really a treat for this box !!!!!!!!!!
I figured it would be really involed ........ Thanks for your help I really appreciated it ....... STAY COOL !!!!!!!

 

[screwloose]

bos.rte.odm has the actual odm command files, like odmshow, which displays output to the screen. This may be your problem. Do you have problems with other screens? At one time I had a problem after applying a new ML and some screens had duplicate entries. IBM acknowledged a problem and had an APAR for it.

If you do reinstall bos.rte.odm, or any *rte* fileset,it would require a reboot since it is part of the base operating system.

An 'lslpp -ap bos.rte.odm' will show all requisites for the selected fileset, and 'lslpp -d bos.rte.odm' will show dependents.

For now change the password on the command line instead of using smitty. I only use smitty for the long commands like crfs.

Good luck.

 

[d3vzero]

Hi June,

I suspect it'll be easy enough to fix your SMIT problem.

We just need to recreate the missing ODM definition.

On one of your systems that has it working do the following.

odmget -q "id='passwd'" sm_cmd_opt >odm_passwd.good

This should create a file with contents the same as previously shown in this thread.

Now copy the file to your production server and issue the following.

admadd odm_passwd.good

Now try your smit menus again.

This can be done on your production server at any time.

Let me know how you do

____________________
Sometimes it pays to stay in bed on Monday, rather than spending the rest of the week debuging Mondays code.

 

[d3vzero]

Sorry ... Should have said to first backup your odm defs with the following, just prior to using the admadd command on your production server. Just to be on the safe side ;-)

odmget sm_cmd_opt >total_odm_sm_cmd_opt.backup

Brgs.

____________________
Sometimes it pays to stay in bed on Monday, rather than spending the rest of the week debuging Mondays code.

 

[screwloose]

I would NOT recomend that you mess with the ODM on your own if you don't have any experience with it. If IBM was directing you to do it, then I would say to (maybe) go ahead, because if they screw it up, even though it is your problem, they will be accountable and have to fix it as quickly as possible.

Also, the sm_cmd_opt is a class in /usr/lib/objrepos which is where the links for the classes in /etc/objrepos are lined to. If you echo ODMDIR you will see that it is /etc/objrepos, so if you try the odmget command using the sm_cmd_opt, you will get this:

0518-506 odmget: Cannot open object class sm_cmd_opt
Check path name and permissions.

This is not a task to be undertaken with a few lines of instruction given on a forum, especially on a critical production server. If something is messed up, you have no recourse. Also, you have no idea what experience somebody on a forum has, they could have been working on AIX since its inception and maybe worked as a kernel developer for IBM, or maybe they have 3 months experience and read in a book and the man pages how to manually manipulate the ODM. With 10 years of experience on AIX and having worked for a Fortune 400 company and for a company that has Federal Gov’t contracts, I would advise that you DO NOT do what was last posted by d3vzero (no offense) since you don’t have the expertise; call IBM.