Crontab problem for oracle user on Exadata

[oracle@exa01dbadm02 ~]$ crontab -l

You (oracle) are not allowed to use this program (crontab)

See crontab(1) for more information

[oracle@exa01dbadm01 ~]$ crontab -l

Authentication token is no longer valid; new one required

You (oracle) are not allowed to access to (crontab) because of pam configuration.

SOLUTION:

  1. Check the crontab process/service is running or not
    1.  [root@exa01dbadm01 ~]# ps -ef | grep crond
      root 4892 1 0 2015 ? 00:00:17 crond
      root 82440 81551 0 15:46 pts/12 00:00:00 grep crond
      [root@exa01dbadm01 ~]#
  2. check crond status
    1. [root@exa01dbadm01 ~]# /etc/init.d/crond status
      crond (pid 4892) is running…
      [root@exa01dbadm01 ~]# service crond status
      crond (pid 4892) is running...
      [root@exa01dbadm01 ~]#
  3. Check the crontab for oracle user (or any user)
    1.  [root@exa01dbadm01 ~]# crontab -l  -u oracle

      Authentication token is no longer valid; new one required

      You (oracle) are not allowed to access to (crontab) because of pam configuration.

  4. check log of /var/log/cron and /var/log/secure
    1. less /var/log/cron    
      1.  Jan 13 02:00:01 exa01dbadm01 crond[22810]: (oracle) FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)
        Jan 13 02:00:01 exa01dbadm01 CROND[22813]: (root) CMD (su – oracle -c /u01/app/oracle/product/12.1.0.2/dbhome_1/admin/clean_audit_U01.sh > /dev/null 2>&1)
        Jan 13 02:00:01 exa01dbadm01 CROND[22814]: (root) CMD (/usr/lib64/sa/sa1 1 1)
        Jan 13 02:00:01 exa01dbadm01 CROND[22815]: (root) CMD (su – oracle -c /u02/app/oracle/product/12.1.0.2/dbhome_2/admin/clean_audit_U02.sh > /dev/null 2>&1)
        Jan 13 02:01:01 exa01dbadm01 CROND[25068]: (root) CMD (run-parts /etc/cron.hourly)
        Jan 13 02:01:01 exa01dbadm01 run-parts(/etc/cron.hourly)[25068]: starting 0anacron
        Jan 13 02:01:01 exa01dbadm01 anacron[25077]: Anacron started on 2016-01-13
        Jan 13 02:01:01 exa01dbadm01 anacron[25077]: Jobs will be executed sequentially
        Jan 13 02:01:01 exa01dbadm01 anacron[25077]: Normal exit (0 jobs run)
        Jan 13 02:01:01 exa01dbadm01 run-parts(/etc/cron.hourly)[25079]: finished 0anacron
        Jan 13 02:10:01 exa01dbadm01 CROND[50024]: (root) CMD (/usr/lib64/sa/sa1 1 1)
        Jan 13 02:12:01 exa01dbadm01 CROND[54266]: (root) CMD (export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin && [ -x /usr/sbin/uptrack-upgrade ] && /usr/sbin/uptrack-upgrade –cron)
        Jan 13 02:15:01 exa01dbadm01 crond[59789]: (oracle) FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)
        Jan 13 02:20:01 exa01dbadm01 CROND[71229]: (root) CMD (/usr/lib64/sa/sa1 1 1)
        Jan 13 02:30:01 exa01dbadm01 crond[92087]: (oracle) FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)
        Jan 13 02:30:01 exa01dbadm01 CROND[92091]: (root) CMD (/usr/lib64/sa/sa1 1 1)
        Jan 13 02:30:01 exa01dbadm01 CROND[92090]: (root) CMD (su – oracle -c /u02/app/oracle/product/12.1.0.2/dbhome_2/admin/clean_audit_U02.sh > /dev/null 2>&1)
        Jan 13 02:30:01 exa01dbadm01 CROND[92092]: (root) CMD (su – oracle -c /u01/app/oracle/product/12.1.0.2/dbhome_1/admin/clean_audit_U01.sh > /dev/null 2>&1)
        Jan 13 02:40:01 exa01dbadm01 CROND[121082]: (root) CMD (/usr/lib64/sa/sa1 1 1)
        Jan 13 02:42:01 exa01dbadm01 CROND[127535]: (root) CMD (export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin && [ -x /usr/sbin/uptrack-upgrade ] && /usr/sbin/uptrack-upgrade –cron)
        Jan 13 02:45:01 exa01dbadm01 crond[4397]: (oracle) FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)
        Jan 13 02:50:01 exa01dbadm01 CROND[20125]: (root) CMD (/usr/lib64/sa/sa1 1 1)
        Jan 13 03:00:01 exa01dbadm01 crond[49502]: (oracle) FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)
        Jan 13 03:00:01 exa01dbadm01 crond[49501]: (oracle) FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)
      2. less /var/log/secure
        1.  Jan 13 01:47:51 exa01dbadm01 sshd[84108]: Transferred: sent 46184, received 44992 bytes
          Jan 13 01:47:51 exa01dbadm01 sshd[84108]: Closing connection to 172.18.9.70 port 59217
          Jan 13 02:00:01 exa01dbadm01 crond[22810]: pam_unix(crond:account): expired password for user oracle (password aged)
          Jan 13 02:00:01 exa01dbadm01 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
          Jan 13 02:00:01 exa01dbadm01 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
          Jan 13 02:00:01 exa01dbadm01 su: pam_unix(su-l:session): session closed for user oracle
          Jan 13 02:00:01 exa01dbadm01 su: pam_unix(su-l:session): session closed for user oracle
          Jan 13 02:15:01 exa01dbadm01 crond[59789]: pam_unix(crond:account): expired password for user oracle (password aged)
          Jan 13 02:30:01 exa01dbadm01 crond[92087]: pam_unix(crond:account): expired password for user oracle (password aged)
          Jan 13 02:30:01 exa01dbadm01 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
          Jan 13 02:30:01 exa01dbadm01 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
          Jan 13 02:30:01 exa01dbadm01 su: pam_unix(su-l:session): session closed for user oracle
          Jan 13 02:30:01 exa01dbadm01 su: pam_unix(su-l:session): session closed for user oracle
          Jan 13 02:45:01 exa01dbadm01 crond[4397]: pam_unix(crond:account): expired password for user oracle (password aged)
          Jan 13 02:50:17 exa01dbadm01 bphdb: pam_securetty(login:auth): cannot determine user’s tty
          Jan 13 03:00:01 exa01dbadm01 crond[49502]: pam_unix(crond:account): expired password for user oracle (password aged)
          Jan 13 03:00:01 exa01dbadm01 crond[49501]: pam_unix(crond:account): expired password for user oracle (password aged)
          Jan 13 03:00:02 exa01dbadm01 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
          Jan 13 03:00:02 exa01dbadm01 su: pam_unix(su-l:session): session closed for user oracle
          Jan 13 03:00:02 exa01dbadm01 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
          Jan 13 03:00:02 exa01dbadm01 su: pam_unix(su-l:session): session closed for user oracle
          Jan 13 03:15:01 exa01dbadm01 crond[129452]: pam_unix(crond:account): expired password for user oracle (password aged)
          Jan 13 03:30:01 exa01dbadm01 crond[31675]: pam_unix(crond:account): expired password for user oracle (password aged)
          Jan 13 03:30:01 exa01dbadm01 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
          Jan 13 03:30:01 exa01dbadm01 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
          Jan 13 03:30:01 exa01dbadm01 su: pam_unix(su-l:session): session closed for user oracle
          Jan 13 03:30:01 exa01dbadm01 su: pam_unix(su-l:session): session closed for user oracle
          Jan 13 03:45:01 exa01dbadm01 crond[68557]: pam_unix(crond:account): expired password for user oracle (password aged)
          Jan 13 04:00:01 exa01dbadm01 crond[110817]: pam_unix(crond:account): expired password for user oracle (password aged)
  5. check oracle user when expired
    1. [root@exa01dbadm01 ~]# chage -l oracle
      Last password change : Oct 14, 2015
      Password expires : Jan 12, 2016
      Password inactive : never
      Account expires : never
      Minimum number of days between password change : 1
      Maximum number of days between password change : 90
      Number of days of warning before password expires : 7
    2. change oracle user’s  password to never expire.
      1. [root@exa01dbadm01 ~]# chage -M 99999 -m 99999 oracle
        [root@exa01dbadm01 ~]# chage -l oracle
        Last password change : Oct 14, 2015
        Password expires : never
        Password inactive : never
        Account expires : never
        Minimum number of days between password change : 99999
        Maximum number of days between password change : 99999
        Number of days of warning before password expires : 7
    3. check the oracle user’s crontab entries.Now it’s displaying.
      1. [root@exa01dbadm01 ~]# crontab -l -u oracle
        0 1 * * * /dump/exports/expdprmano12.sh > /dump/exports/expdprmano12.log 2>&1
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s