Troubleshooting

This section describes how to resolve problems you might encounter while attempting to log in.

Solving Login Problems

There are several reasons why an attempt to log in can fail. If you are denied access to a computer:

  • Verify that the computer you are trying to log in to has access to an Active Directory domain controller. If an Active Directory domain controller is not available or the local computer is not a member of an Active Directory domain, you might be prevented from logging in because the agent cannot verify that you have authority to access the computer.

  • Verify that you have a complete UNIX identity profile.

  • Verify that you have been issued at least one role with a right that allows you to log in using a standard shell or a restricted shell.

    If you have access only to a restricted shell, you can only execute explicitly defined commands.

    If you have a UNIX profile, but cannot log in to your terminal, you may have been assigned the listed or local listed role. These roles allow your profile to be visible in a zone, but do not grant any access rights.

    After the agent has been installed, you must have a role assigned to your account that gives you log in privileges. If an attempt to log in fails, contact your Active Directory administrator or help desk to determine the roles you have been assigned, the type of access your roles grant, and any limitations associated with your role assignment. For example, roles can have time constraints with specific periods of availability. If you attempt to log in, but the role is not available at the time you attempt to log in, you will be denied access.

Check your Rights and Roles using dzinfo

You can use the dzinfo command to view detailed information about your rights, roles, and role assignments. The dzinfo command allows you to view and capture the output from the command in a single window.

For example, if you are a user named billy in a zone called KHeadquarters, you would type:

dzinfo billy

The output would look similar to the following: 

User: billy
Forced into restricted environment: No
Role Name        Avail 	Restricted Env
---------------  ----- 	--------------
AdminRole 	 Yes   	Admin
/KHeadquarters 		/KHeadquarters
Windows          Yes   	Windows
Login/KHeadquar        	Login/KHeadqua
ters                   		rters
ControlPanelAdm  Yes  	ControlPanelAd
in/KHeadquarter        	min/KHeadquart
s                      		ers
UNIX             Yes   	None
Login/KHeadquar
ters
Windows          Yes   	Windows
Login/KHeadquar        	Login/KHeadqua
ters                   		rters
UNIX             Yes   	None
Login/KHeadquarters
 
Effective rights:
Password login
Non password login
Allow normal shell
Audit level:
AuditIfPossible
Always permit login:
true
PAM Application  Avail Source Roles
---------------  ----- --------------------
graphical        Yes   AdminRole/KHea
desktop                	dquarters
ftp              Yes   AdminRole/KHea
dquarters
telnet           Yes   AdminAdminRole/KHea
dquarters
sshd             Yes   AdminRole/KHea
dquarters
ssh              Yes   AdminRole/KHea
dquarters
*                Yes   UNIX
Login/KHeadquarters
SSH Rights       Avail Source Roles
---------------  ----- --------------------
dzssh-sftp       Yes   AdminRole/KHea
dquarters
dzssh-scp        Yes   AdminRole/KHea
dquarters
dzssh-exec       Yes   AdminRole/KHea
dquarters
dzssh-shell      Yes   AdminRole/KHea
dquarters
dzssh-*          Yes   AdminRole/KHea
dquarters
 
Privileged commands:
Name             Avail Command   Source Roles
--------------- ----- --------- --------------------
dz_info/KHeadqu  Yes dzinfo     AdminRole/KHea
arters                             dquarters
emergency_acess  Yes su - root  AdminRole/KHea
/KHeadquarters                     dquarters
emergency_acess  Yes su - root  UNIX
/KHeadquarters                  Login/KHeadquarters
emergency_acess  Yes su - root  Windows
/KHeadquarters                  Login/KHeadquarters
 
Commands in restricted environment:
Name             Avail Command   Run As
---------------  ----- --------- ----------
emergency_acess  Yes   su - root self
/KHeadquarters
 
Commands in restricted environment:
ControlPanelAdmin/KHeadquarters
Name             Avail Command   Run As
---------------  ----- --------  ----------
(no commands have been configured for
ControlPanelAdmin/KHeadquarters)
 
Commands in restricted environment:
AdminRole/KHeadquarters
Name             Avail Command   Run As
---------------  ----- --------- ----------
dz_info/KHeadqu  Yes   dzinfo    self
arters
emergency_acess  Yes   su - root  self
/KHeadquarters
 
Commands in restricted environment:
Windows Login/KHeadquarters
Name             Avail Command    Run As
---------------  ----- ---------- ----------
emergency_acess  Yes   su - root  self
/KHeadquarters