I have a new google compute engine instance. I am SSH'ed into the instance using certs. Whenever I try to use sudo it asks for the primary user's password which I do not have. Just recently I setup an instance on centos 7 and did not have this issue.
The instance is running centos 8. Normally, I would ssh to the instance, then execute commands using Sudo. For example, I would like to set the root password.
if I run sudo passwd, sudo su - or even sudo cat /var/log/messages it asks me for the primary user's password. The problem is I do not have that password.
[primaryuser#server4 log]$ **sudo cat messages**
**[sudo] password for primaryuser:**
##########
[primaryuser#server4 log]$ **sudo passwd**
**[sudo] password for primaryuser:**
I expected to run the commands using sudo but do not have the password.
Does anyone have any ideas? I read other posts about similar problems but different from mine.
I had to give up and use ubuntu. Everything acted as expected on ubuntu and I was able to set the password. I believe the problem is limited to centos 8 but I am not certain.
I have just installed a new Linux VM on Azure - Centos 6.3
installed webmin all great
I have then gone ot log in as the user and password I set up for SSH when I created the VM but it wont let me log in, I dont have the root password as it didnt offer me the root option when i installed the VM just the chance to create a user and password
Anybody please advise help?
If I recall, Windows Azure doesn't typically give you Administrator or root users. In the case of Linux you start with the azureuser which is setup as a sudo user. So login as the azureuser and 'sudo su'. Now set a root password i.e. passwd root.
Now you should be able to authenticate with webwin.
I use Postgesql and PgAdmin on Windows without any problems but am struggling to get it working on Linux (I'm a Linux N00b). I have installed the 64bit version on my Fedora box following these instructions (except substituting version 9.3 for 9.2). Everything works well until I get to launching pgsql with:
sudo -u postgres psql template1
Here I get an error "Permission denied" as is attempts to change to my home directory.
I can change the password for 'postgres' as per the instructions and I presume this is just so I can use 'md5' rather than 'trust' in pg_hba.conf (if not, then I don't understand why I need this step).
When I fire up PgAdmin3, initially I have no connections. Attempting to connect to the server gives me an authentication error for user 'postgres'. I have tried resetting pg_hba.conf to 'trust' but that doesn't work either.
I would appreciate an explanation of the 'postgres' user in Linux as it appears to be a separate actual user on the Linux system (unlike Windows where it is just a 'disembodied' user relevant only to Postgress). Secondly, help in getting PgAdmin speaking to Postgresql would be gratefully received.
psql -U postgres template1
It will prompt for password if you set md5 in pg_hba.conf
After much digging about I found that most of the documentation is incomplete. I needed a combination of connecting via Cefull Lo's solution (+1) and NOT (as in most of the documentation):
sudo -U postgres psql
Then to change the password I need a more explicit SQL command as follows
template1=# ALTER USER postgres with encrypted password ‘yourpassword’;
I presume that I need to explicitly state 'with encrypted password' because I am using md5, though again, 90% of the documentation fails to point this out and advises a basic change of password together with md5. Maybe this is specific to Fedora, who knows, but now I can connect via PgAdmin3.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
Please if you could give me some advice of what I'm doing wrong you would make me very happy. I've been struggling with this with no luck and I'm kinda desperate.
I've got a virtual machine with an LDAP Server installed on Windows Xp. It's Apache Directory Studio.
Then I've got another virtual machine with Xubuntu on it. I want it to authenticate to Apache Directory Studio.
The two machines can see each other and do ping correctly.
Server part (Windows XP with Apache Directory Studio LDAP Server):
The server is working great, I did a domain on it dc=mydomain,dc=com with two ou's on it, ou=People and ou=Groups.
Did some posixAccounts and some posixGroup. Chose high uid numbers (2000 onwards) to avoid conflict.
All ok on server side.
Client part (Xubuntu):
Entered as root.
Did:
apt-get install libnss-ldap
Configured ip of my LDAP server (checked it, it's "pingable").
Then entered my domain, for example: dc=mydomain,dc=com.
Then chose the LDAP version my server is running:
Then chose "yes" to "make local root database admin".
Chose "no" to "does the LDAP database require login?".
Then chose the login of the admin of the LDAP Server and it's password. This is 100% confirmed to be true and the actual login, checked it in Apache Directory Studio and verified it many times.
Set the password encryption system to "clear".
Ok, I know that Apache Directory Studio is listening 10389 instead of 389, so I go to /etc/ldap.conf and change manually the port from 389 to 10389 (389 is the default and the GUI doesn't let change you).
Then IT WORKS, but only via terminal, if I do
su testuser
It works, because I got that user ONLY in LDAP server, when I test with other users it doesn't work. The same goes for getent passwd testuser.
Then I want to do graphical login, I close the session, enter credentials and it doesn't work. It works in the terminal, but with GUI don't, oh God, WHY?
PS: Did apt-get install nscd (as worked for someone) but didn't work out for me.
PS2: Thanks in advance for your time and patience, and for considering this question (it is not strict programming question).
PS3: I created the /home/testuser directory, it's not failing because of this, because it still fails to login to LDAP via GUI (but works via terminal).
Your problem is GDM Try following
Automatically create home folders
Just edit /etc/pam.d/common-session by hand and adding the following line before any pam_ldap and pam_krb5 settings:
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
make sure you have gdm entry in /etc/security/group.conf
and following line in /etc/pam.d/gdm
auth optional pam_group.so
For users who login using X /etc/pam.d/gdm has to be modified so GDM will use LDAP.
Something like:
auth sufficient pam_ldap.so
auth required pam_nologin.so
auth required pam_env.so
auth required pam_unix_auth.so
account sufficient pam_ldap.so
account required pam_unix_acct.so
password required pam_ldap.so
session sufficient pam_ldap.so
session required pam_unix_session.so
You should be able to perform a
getent passwd
Form the command line and display if the users are being returned from the LDAP server.
All the users from the /etc/passwd and the users from LDAP should be displayed.
Too late answer but might help others as i got through this.
In the terminal use
sudo nano /etc/pam.d/common-auth
add these lines at the bottom auth required pam_access.so
and in this file sudo nano /etc/security/access.conf
add this line -:ALL EXCEPT root (admin):ALL EXCEPT LOCAL at the bottom
For more info: Authenticate Client Computers Using LDAP
Thanks.
I had a same issue and none of above answers solved it .This are config done by me on Ubuntu 18.04 and on kali as well
Steps we need to follow are as follows
Install libpam-ldap / libnss-ldap
Ubuntu:
apt-get install libpam-ldap
kali Linux:
apt-get install libpam-ldap libnss-ldapd
Configure ldap settings
dpkg-reconfigure libpam-ldap
do all setting as yes and local database creation : yes
base : ou-People,dc=sqtk,dc=team
root dn : dc=admin,dc=sqtk,dc=team
every option asked should be yes (store database on local yes and specify ldap admin username and password )
for database stuff use admin user only
Change /etc/nsswitch.conf to let passwd , group , shadow to use ldap and netgroup to nis
/etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
NOTE : Change netgroup to nis(network information system) this signifies that the groups are also
fetched from netgroup from nis so in below step we do group mapping (My assumption , dont question it, it worked)
Now we can verify whether we can connect to ldap server by using below command
ldapsearch -x -W -D 'cn=ldaptest,ou=People,dc=sqtk,dc=team' -b "" -s base
3.We need to set to create a home dir as soon as users logs in this is achieved by using pam_mkhomedir.so (verify if it is present by doing a find find / -name pam_mkhomedir.so if not present then install it should be present by default)
3.1 Currently when we run command
pam-auth-config
we dont see a option for mkhomedir (make home directory which is neccessary as user logs in)
3.2 to get this option we need to create a file /usr/share/pam-configs/mkhomedir if not present with following content
content :
Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
required pam_mkhomedir.so umask=0022 skel=/etc/skel
3.3 Now if we run command
pam-auth-config
we see option for mkhomedir so we need to select it as well (we select option by using a space on keyboard )
3.4 To verify whether mkhomedir is set we can cat /etc/pam.d/common-session file and see a entry as below (dont edit the file manually try and use pam-auth-update only ) It will have a entry as below
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
ldap domain to group mapping
4.1 we need to do a domain mapping with the ldap group tehnical this mapping is nothing but we mapping ldap group name to group id of ldap in local .
I faced a issue where in i used to get the group id i.e > 500 of ldap group on local system but somehow system was not able to fetch the group name for the given id so i did below config
4.2 To assign local groups to a domain (ldap) user do the following edit /etc/security/group.conf and add something like the following to it
*;*;*;Al0000-2400;audio,cdrom,dialout,floppy
4.3 In order to get the pam_group module working you could create a file like /usr/share/pam-configs/my_groups:
Name: activate /etc/security/group.conf
Default: yes
Priority: 900
Auth-Type: Primary
Auth:
required pam_group.so use_first_pass
Now we activate it by running
pam-auth-update
This roughly equals editing /etc/pam.d/common-auth by hand and adding the following line before any pam_ldap and pam_krb5 settings:
auth required pam_group.so use_first_pass
IMPORTANT # You should now have local groups showing up for users logging in via gdm and ssh and can
# verify this by # executing id or groups.
4.4 Now we need to verify whether we get just the group name and id use below command
getent group
If command doent work or display verify whether you can connect to ldap server
you can also verify whether we can fetch user from ldap by firing below command
getent passwd
id <username in ldap>
Again if anyone of the above commands doesnt perform as accepted then verify whether we can connect to ldap successfully use below command
ldapsearch -x -W -D 'cn=bumbum,ou=People,dc=sqtk,dc=team' -b "" -s base
-W == prompt for password
-D == User to validate
Ldap Group to be given sudo access
Give sudo access to the group that are present on ldap and are make sure user are part of the same group with whom you are login
visudo
% ALL=(ALL) ALL
if group name is ldaptest then below line needs to be added
%ldaptest ALL=(ALL) ALL
You should be able to login from desktop as well as terminal
(Note : for above things to works install libnss-ldapd package for kali Linux only then it works )
I'm trying to enable root (Ubuntu 8.04) to use psql command without password prompt (for scripting purpose). Everything worked fine with PostgreSQL 8.3, but I migrate to PostgreSQL 8.4 and the login without password doesn't work anymore.
I've a correct .pgpass file (the same used for 8.3), the right of /root/.pgpass are 0600 but calling psql keep asking for a password.
NB : the PGPASSFILE variable is empty, so I assume that the .pgpass file is supposed to be used.
Any brilliant idea?
Try to check if this works:
*:*:*:postgres:password_for_postgres_user
And then try:
VERBOSITY=verbose psql --no-password --user postgres
This question should probably be migrated to serverfault.com.