Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed last year.
Improve this question
I upgraded current OS to latest version. i am unable to do su from admin to root user.
I checked /etc/password, /etc/shadow, unix_chkpwd and su permission, everything looks ok
i dig into the /etc/pam.d/ configuration made some changes to see if any luck, but none of them worked.
Below is the error log i can see in system logs, it would be great if any one help on this issue
Note: I am able to telnet to root.
unix_chkpwd[7868]:, check pass; user unknown
unix_chkpwd[7868]:, password check failed for user (root)
su[7279]:, pam_unix(su:auth): authentication failure; logname= uid=2000 euid=2000 tty=/dev/pts/3 ruser=admin rhost= user=root
unix_chkpwd[7874]:, check pass; user unknown
unix_chkpwd[7876]:, check pass; user unknown
unix_chkpwd[7876]:, password check failed for user (root)
su[7279]:, pam_authenticate: Authentication failure
su[7279]:, PAM 1 more authentication failure; logname= uid=2000 euid=2000 tty=/dev/pts/3 ruser=admin rhost= user=root
su[7279]:, FAILED su for root by admin
su[7279]:, su session not logged to /var/log/sulog
su[7279]:, - /dev/pts/3 admin:root
in a new machine root might not have a password
try sudo su
or sudo passwd root
for more info you can see this page
https://askubuntu.com/questions/347818/what-is-the-default-root-password-when-was-never-set-at-installation-time
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
On a Windows 10 host I have a VirtualBox virtual machine with Debian 11. The access to the VM is done by a virtual network card "Virtual Box Host Only Ethernet Adaptater".
I connect with ssh on my VM without any problem.
I have a shared folder on Windows 10, and I want to access it via a mount from my VM. I've been doing this for years, but now I can't get a stable behavior. It worked last week, but now it doesn't work anymore
I use this command:
mount -a -t cifs //192.168.56.1/vmjpweb /home/web -o "username=*******,password=*******" --verbose
The result :
/ : ignoré
none : ignoré
/media/cdrom0 : ignoré
domain=192.168.56.1
password specified twice, ignoring second
mount.cifs kernel mount options: ip=192.168.56.1,unc=\\192.168.56.1\vmjpweb,vers=3.0,sec=ntlmsspi,uid=33,gid=33,user=*******,domain=192.168.56.1,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
The kernel log:
Oct 31 09:11:49 rock kernel: [ 1009.046835] CIFS: Attempting to mount //192.168.56.1/vmjpweb
Oct 31 09:11:49 rock kernel: [ 1009.221195] CIFS: Status code returned 0xc000006d STATUS_LOGON_FAILURE
Oct 31 09:11:49 rock kernel: [ 1009.221219] CIFS: VFS: \\192.168.56.1 Send error in SessSetup = -13
Oct 31 09:11:49 rock kernel: [ 1009.221263] CIFS: VFS: cifs_mount failed w/return code = -13
I just created a new local user and it works well.
The login I was using was not local on the host, but on the domain of my work. I was trying to connect to the shared folder without a connection to the domain.
I also use fstab for the running.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I have this simple /etc/systemd/system/test.service file
[Unit]
Description=SkriptA
After=network.target auditd.service
[Service]
Type=simple
ExecStart=/opt/test.sh
[Install]
WantedBy=multi-user.target
When i run systemctl start test.service and then systemctl status test.service It shows that serivce succeeded but is inacitve, please why is this?
● test1.service - SkriptA
Loaded: loaded (/etc/systemd/system/test1.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Mar 05 12:17:55 hro0078 systemd[1]: Started SkriptA.
Mar 05 12:17:55 hro0078 systemd[1]: test1.service: Succeeded.
The ExecStart script is simple as service
#!/usr/bin/bash
echo Hi > /tmp/test1
date >> /tmp/test1
I use: Linux version 4.19.0-13-amd64 (debian-kernel#lists.debian.org) (gcc version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 4.19.160-2 (2020-11-28)
Your program was started successfully and it terminated directly.
To have your service active, it needs to keep running. Example:
#!/usr/bin/bash
while [ 1 ]; do
echo Hi > /tmp/test1
date >> /tmp/test1
sleep 60
done
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I've created this service in /etc/systemd/system/webapp.service
in a
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
This is the content:
[Unit]
Description=webapp daemon
After=network.target
[Service]
Type=notify
ExecStart=/usr/local/bin/start-webapp.sh
ExecStop=/usr/local/bin/stop-webapp.sh
ExecReload=/usr/local/bin/reload-webapp.sh
StandardOutput=null
[Install]
WantedBy=multi-user.target
Alias=webapp.service
I try to startd the service using:
sudo systemctl start webapp.service
But when I do
sudo systemctl status webapp.service
I got this error:
● webapp.service - webapp daemon
Loaded: loaded (/etc/systemd/system/webapp.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Jun 01 11:31:48 localhost systemd[1]: /etc/systemd/system/webapp.service:8: Missing '='.
Jun 01 11:31:52 localhost systemd[1]: /etc/systemd/system/webapp.service:8: Missing '='.
Jun 01 11:35:21 localhost systemd[1]: /etc/systemd/system/webapp.service:8: Missing '='.
Jun 01 11:35:31 localhost systemd[1]: /etc/systemd/system/webapp.service:8: Missing '='.
and
admin#localhost:/etc/systemd/system$ cat -vetn webapp.service
1 [Unit]$
2 Description=webapp daemon$
3 [Service]$
4 Type=simple$
5 ExecStart=/usr/local/bin/start-webapp.sh$
6 ExecStop=/usr/local/bin/stop-webapp.sh$
7 ExecReload=/usr/local/bin/reload-webapp.sh$
8 [Install]$
9 WantedBy=multi-user.target$
Your config content seems nothing wrong, so I have copied it to my debian server and try to run it, and it's really ok.
But it's strange that the stdout of cat -vetn webapp.service is not the exactly content of your original config, so would you mind to remove the original config and do it again ?
refer: https://wiki.debian.org/systemd/Services
redo:
mv webapp.service /tmp/webapp.service
vi webapp.service # check characters
After creating or modifying any unit files, we must tell systemd that we want it to look for new things:
systemctl daemon-reload
Then, tell systemd to enable it, so that it will start every time we boot:
systemctl enable myservice.service
Finally, start it:
systemctl start myservice.service
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I am having issues using VNC between MacOS X and Linux.
I installed tightvnc server on CentOS Linux and vncviewer on Mac OS X. I have done all the setting to my best knowledge and then started vncserver on the Linux computer. I also opened the port 5901.
When I execute the command "vncviewer :1" on the Linux machine, things work fine. I can see desktop appear in a window.
From Mac OS X I am unable to connect to the Linux vncserver. The message I get is
"The connection was refused by the computer"
I am able to SSH from Mac to Linux so there is connection between the two computers but VNC won't work.
Can someone please help me save this issue. I have searched the web but found nothing that worked thus far.
Thanks!
Here is the message from the vnc log file.
Xvnc TigerVNC 1.1.0 - built May 11 2016 13:01:55
Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)
See http://www.tigervnc.org for information on TigerVNC.
Underlying X server release 11704000, The X.Org Foundation
Tue Jan 24 10:03:36 2017
vncext: VNC extension running!
vncext: Listening for VNC connections on all interface(s), port 5901
vncext: Listening for HTTP connections on all interface(s), port 5801
vncext: created VNC server for screen 0
GNOME_KEYRING_SOCKET=/tmp/keyring-jWrQoB/socket
SSH_AUTH_SOCK=/tmp/keyring-jWrQoB/socket.ssh
GNOME_KEYRING_PID=7644
gnome-session[7629]: WARNING: Could not launch application 'linc-cleanup-sockets.desktop': Unable to start application: Failed to execute
child process "/usr/bin/linc-cleanup-sockets" (No such file or directory)
Failed to play sound: File or data not found
(polkit-gnome-authentication-agent-1:7668): GLib-GObject-WARNING **: cannot register existing type `_PolkitError'
(polkit-gnome-authentication-agent-1:7668): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed
An instance of nm-applet is already running.
Dropbox isn't running!
Dropbox is already running!
Initializing nautilus-dropbox 2015.10.28
(null): Warning no default label for /home/amit/.gvfs
Failure: Module initalization failed
** (gnome-panel:7657): WARNING **: panel-applet-frame.c:1288: failed to load applet OAFIID:GnoteApplet:
(null)
You can tunnel the VNC connection through SSH by using local port forwarding.
To start the port forward:
ssh -NTf -L 5901:localhost:5901 user#linux_server
Then point your VNC viewer at localhost.
vncviewer localhost:5901
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I am trying to set up a Linux box (specifically Centos 6) to authenticate users via our Windows AD. The authentication works fine. The problem: Our password lockout policy is 3 strikes and you're locked. If a user logging into the Linux host enters their password wrong just once, their account gets locked.
Here is my /etc/pam.d/system-auth file:
%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
account required pam_access.so
account required pam_unix.so broken_shadow
account [default=ignore success=1] pam_succeed_if.so uid < 16777216 quiet
# only allow login if user is in group serveradmins
account [default=bad success=ignore] pam_succeed_if.so user ingroup serveradmins quiet
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_oddjob_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_krb5.so
Here are the log entries captured in /var/log/secure when a user tried to log in and gave the wrong password on the first try. For the sake of brevity, I've stripped off the datetime and hostname from the start of the log entries:
sshd[1589]: Connection from 22.33.44.55 port 49532
sshd[1589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host0001.foo.bar user=gumby
sshd[1589]: pam_krb5[1589]: authentication fails for 'gumby' (gumby#FOO.BAR): Authentication failure (Preauthentication failed)
sshd[1589]: pam_winbind(sshd:auth): getting password (0x00000010)
sshd[1589]: pam_winbind(sshd:auth): pam_get_item returned a password
sshd[1589]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7), NTSTATUS: NT_STATUS_WRONG_PASSWORD, Error message was: Wrong Password
sshd[1589]: pam_winbind(sshd:auth): user 'gumby' denied access (incorrect password or invalid membership)
sshd[1589]: pam_krb5[1589]: authentication fails for 'gumby' (gumby#FOO.BAR): Authentication failure (Preauthentication failed)
sshd[1589]: pam_winbind(sshd:auth): getting password (0x00000010)
sshd[1589]: pam_winbind(sshd:auth): pam_get_item returned a password
sshd[1589]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7), NTSTATUS: NT_STATUS_WRONG_PASSWORD, Error message was: Wrong Password
sshd[1589]: pam_winbind(sshd:auth): user 'gumby' denied access (incorrect password or invalid membership)
sshd[1589]: Failed password for gumby from 22.33.44.55 port 49532 ssh2
sshd[1589]: pam_krb5[1589]: authentication fails for 'gumby' (gumby#FOO.BAR): User not known to the underlying authentication module (Clients credentials have been revoked)
sshd[1589]: pam_winbind(sshd:auth): getting password (0x00000010)
sshd[1589]: pam_winbind(sshd:auth): pam_get_item returned a password
sshd[1589]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_MAXTRIES (11), NTSTATUS: NT_STATUS_ACCOUNT_LOCKED_OUT, Error message was: Account locked out
sshd[1589]: pam_winbind(sshd:auth): internal module error (retval = PAM_MAXTRIES(11), user = 'gumby')
sshd[1589]: pam_krb5[1589]: authentication fails for 'gumby' (gumby#FOO.BAR): User not known to the underlying authentication module (Clients credentials have been revoked)
sshd[1589]: pam_winbind(sshd:auth): getting password (0x00000010)
sshd[1589]: pam_winbind(sshd:auth): pam_get_item returned a password
sshd[1589]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_MAXTRIES (11), NTSTATUS: NT_STATUS_ACCOUNT_LOCKED_OUT, Error message was: Account locked out
sshd[1589]: pam_winbind(sshd:auth): internal module error (retval = PAM_MAXTRIES(11), user = 'gumby')
sshd[1589]: Failed password for gumby from 22.33.44.55 port 49532 ssh2
What in this configuration is causing the authentication module to try multiple times and how might we change it to make it not do that?
Thanks.
So this is an old post but might save a few people several days of troubleshooting.
Although sometimes the simplest of answers are usually the rights ones, in the case of migrations you should always check routes, firewall and DNS entries to be the same and ntp synchronized.
Short background:
Problems started when it was decided to migrate the old DC to new versions (Windows Server 2008 -> Windows server 2016).
Our Linux environment consisted of Rhel 5, 6 and 7 systems joined in AD through Samba, Winbind.
By default, Windows Server 2016 has disabled SMBv1, this means that all Rhel 5 and 6 systems were failing to communicate with the new DC's, for reference: https://access.redhat.com/articles/3164551
This can be resolved by enabling this role on the DC (and you understand the consequences of enabling a 30 year old protocol):
SMBv1
In case the pic is no longer available (action on DC): Add roles and features -> Features -> SMB 1.0/CIFS File Sharing Support -> check.
Note: you need to reboot after enabling this.
Everything was running smoothly after that change, or so it seemed.
I also stumbled upon this particular error, from the servers (Rhel 5) logs:
Oct 27 09:06:58 dummy sshd[22520]: Failed password for some_user from x.x.x.x port 53207 ssh2
Oct 27 09:07:07 dummy sshd[22520]: pam_winbind(sshd:auth): getting password (0x00000050)
Oct 27 09:07:07 dummy sshd[22520]: pam_winbind(sshd:auth): pam_get_item returned a password
Oct 27 09:07:07 dummy sshd[22520]: pam_winbind(sshd:auth): request failed: Wrong Password, PAM error was Authentication failure (7), NT error was NT_STATUS_WRONG_PASSWORD
Oct 27 09:07:07 dummy sshd[22520]: pam_winbind(sshd:auth): user 'some_user' denied access (incorrect password or invalid membership)
Oct 27 09:07:09 dummy sshd[22520]: Failed password for some_user from x.x.x.x port 53207 ssh2
And I also could not authenticate with my own account so I migrated to samba3x, reference( I did not do all the steps): https://access.redhat.com/solutions/42635
For those who might not have an account, these are the steps I took:
Backup original config files (you will need your smb.conf):
tar cf /root/backup_samba_migration.tar /etc/samba /var/cache/samba /var/lib/samba
Stop services:
service smb stop; service winbind stop
Remove samba and install samba3x:
yum remove samba samba-common -y
yum install samba3x* -y
This is where you put your old smb.conf:
vim /etc/samba/smb.conf
You should also copy pam_winbind.conf (we used required_membership parameter for example):
\cp /etc/security/pam_winbind.conf.rpmsave /etc/security/pam_winbind.conf
In my case I needed to rejoin the domain (you might not need to use createcomputer):
net ads join -U youradminaccount createcomputer="Linux system"
Restart services:
service smb restart; service winbind restart
Test (before this authentication would give direct failed password):
wbinfo -t
wbinfo -a youradminaccount
Hope it helps, have a good one!
To determine exactly what is going on, you should put the 'debug' flag on there.
It is also not helpfull to remove timestamps from the Log to understand a performance problem.
I think you do pam_krb5 auth first, then pam_winbind auth, then pam_krb5 account and then you are locked out.
Try to only use krb5 OR winbind for the tasks. Not both.