LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-11-2010, 12:06 PM   #1
raspino
Member
 
Registered: Jul 2010
Posts: 38

Rep: Reputation: 1
unable to login to ubuntu mailer server


I have set up a post fix mail server on ubuntu and it's been working for a while without a problem. However, in trying to solve a problem, I installed dtc, dtc-postfix-courier and a few other depend software. When I re-started the server, I was unable to login with my usual login information. I am able to go to recovery mode to change the password but I am still unable to login to the system. Essentially, only root is able to access data on the server. I need help.
 
Old 12-11-2010, 12:31 PM   #2
raspino
Member
 
Registered: Jul 2010
Posts: 38

Original Poster
Rep: Reputation: 1
I am unable to remove dtc completely strangely. If someone can provide me to remove completely, dtc and all dependent software, I believe that could solve my problem.
 
Old 12-11-2010, 12:48 PM   #3
paulsm4
LQ Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Hi -

1. You can use "apt-get --purge remove XYZ" to remove a package you installed

2. STRONG SUGGESTION:
Please focus on the login error FIRST

IMHO...
 
1 members found this post helpful.
Old 12-11-2010, 01:47 PM   #4
raspino
Member
 
Registered: Jul 2010
Posts: 38

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by paulsm4 View Post
Hi -

1. You can use "apt-get --purge remove XYZ" to remove a package you installed

2. STRONG SUGGESTION:
Please focus on the login error FIRST

IMHO...
I am trying to. I am getting :

starting domain name server bin9 fail error
 
Old 12-11-2010, 03:16 PM   #5
paulsm4
LQ Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Hi, again -

Q: "Starting domain name server fail" error?
Is there any reason you need DNS in the first place?

Nevertheless:
* "DTC" is the web control panel thingy, right?
If you don't need it, and you believe trying to install it started your grief then, by all means, feel free to uninstall it.

* The syntax is "apt-get --purge remove XYZ", for any package "XYZ"

* If possible, uninstall in the REVERSE order as you installed

* If possible, uninstall as FEW packages as possible.
In other words, uninstall one package (e.g. dtc-postfix-courier-xyz), reboot, and see if the system is stabile.
If it is, then STOP.
Otherwise, repeat for the next package (e.g. dtc-xyz)
Rinse and repeat
 
1 members found this post helpful.
Old 12-11-2010, 05:56 PM   #6
raspino
Member
 
Registered: Jul 2010
Posts: 38

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by paulsm4 View Post
Hi, again -

Q: "Starting domain name server fail" error?
Is there any reason you need DNS in the first place?

Nevertheless:
* "DTC" is the web control panel thingy, right?
If you don't need it, and you believe trying to install it started your grief then, by all means, feel free to uninstall it.

* The syntax is "apt-get --purge remove XYZ", for any package "XYZ"

* If possible, uninstall in the REVERSE order as you installed

* If possible, uninstall as FEW packages as possible.
In other words, uninstall one package (e.g. dtc-postfix-courier-xyz), reboot, and see if the system is stabile.
If it is, then STOP.
Otherwise, repeat for the next package (e.g. dtc-xyz)
Rinse and repeat
Thanks. I really think it is dtc that is causing this problem, but I can't seem to successfully remove all of it completely, I have used the code you gave to remove nearly all of them but it seems that it is still installed. For example, dtc created a username (dtc) and I can still still it there when I type:

ls /home

as root
 
Old 12-11-2010, 07:36 PM   #7
paulsm4
LQ Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Hi -

Quote:
I have used the code you gave to remove nearly all of them but it seems that it is still installed.
You can probably safely assume dtc is gone. In particular, the uninstall will *not* remove the new user. If possible, check for any dtc executables or libraries you might be able to recall. I suspect they've all been deleted

Now.....

What's the deal with this "can't log in" problem?

Q: How are you trying to log in?
From the console? From a telnet or ssh session?

Q: You say you can log in as "root", but nobody else.
Is this correct?
Is there any error message when you try to log in as a normal user?

Error messages are good Please see if you can find one. You can also look at any messages that occur during your login, in /var/log/messages, the "last" command, or "/var/log/audit/audit.log".

It's entirely possible that trying to install dtc somehow enabled "SELinux", and SELinux is denying logins. If so, we should see those "access denied" messages in "/var/log/audit/audit.log". Just a thought...
 
1 members found this post helpful.
Old 12-11-2010, 10:40 PM   #8
raspino
Member
 
Registered: Jul 2010
Posts: 38

Original Poster
Rep: Reputation: 1
thanks again. I looked at the auth.log file and it seems to indicate that 'there is no such user'

This is what I am getting:

Failed LOGIN(2) on /dev/tty5' for 'raspino', Authentication failure
pam_winbind (login:auth): getting password (0x00000388)
pam_winbind (login:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR
pam error: PAM_USER_UNKNOWN (10), NTSTATUS: NTSTATUS_NO_SUCH_USER
 
Old 12-11-2010, 11:11 PM   #9
paulsm4
LQ Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Cool - thank you!

It looks like installing dtc brought in winbind and/or activated SELinux.

It sounds like the next step is to "apt-get purge remove winbind" (be sure to reboot afterwards):
http://ubuntuforums.org/archive/inde...t-1604060.html

I'm crossing my fingers !
 
1 members found this post helpful.
Old 12-12-2010, 12:06 AM   #10
raspino
Member
 
Registered: Jul 2010
Posts: 38

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by paulsm4 View Post
Cool - thank you!

It looks like installing dtc brought in winbind and/or activated SELinux.

It sounds like the next step is to "apt-get purge remove winbind" (be sure to reboot afterwards):
http://ubuntuforums.org/archive/inde...t-1604060.html

I'm crossing my fingers !
tried it without success. When I removed windbind, and restarted, the password option completely went away, so in the terminal, i am presented with only a username and when I type enter, it says incorrect password. In the GUI, when I click on a name, (it does not give me the option to enter password), it says authentication failed.

This is what is in the auth.log
PAM adding faulty module: /lib/security/pam_winbind.so
pam_succeed_if (gdm:auth): requirement "user ingroup no passwdlogin" not met by user 'raspino'
 
Old 12-12-2010, 02:26 AM   #11
paulsm4
LQ Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Sigh...

How about this:
1. Make sure your "normal user" exists and has a valid password:
Log in as "root", enter "passwd USERNAME" to insure the correct password is still set
Try "su - USERNAME" to see if you can run a shell as that user.

2. Make sure /etc/nsswitch.conf does NOT contain any references to "win_bind":
Quote:
http://manpages.ubuntu.com/manpages/...inbindd.8.html
If you see any of these, comment them out ("#" at start of line):
/tmp/.winbindd/pipe
/var/run/samba/winbindd_privileged/pipe
/lib/libnss_winbind.so.X
/var/run/samba/winbindd_idmap.tdb
/var/run/samba/winbindd_cache.tdb
3. Disable SELinux:
Quote:
http://www.linuxquestions.org/questi...elinux-478123/

edit the file /etc/selinux/conf:

SELINUX=disabled

Save it and reboot.
I'm still crossing my fingers
Toes, too

Good luck!
 
1 members found this post helpful.
Old 12-12-2010, 04:16 PM   #12
raspino
Member
 
Registered: Jul 2010
Posts: 38

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by paulsm4 View Post
Sigh...

How about this:
1. Make sure your "normal user" exists and has a valid password:
Log in as "root", enter "passwd USERNAME" to insure the correct password is still set
Try "su - USERNAME" to see if you can run a shell as that user.



2. Make sure /etc/nsswitch.conf does NOT contain any references to "win_bind":




3. Disable SELinux:




I'm still crossing my fingers
Toes, too

Good luck!
1. I was able to do this without a problem
2. Does not contain any win-bind stuff
3. I didn't see SElinux as folder or file.

Thanks again for your help...

Last edited by raspino; 12-12-2010 at 04:17 PM.
 
Old 12-12-2010, 04:19 PM   #13
paulsm4
LQ Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Hi, again -

I assume things still aren't working yet. Sorry

A brief summary:
1. The central problem is that you can't log in as anybody but "root".
You believe all this started when you tried installing dtc. I agree.

2. You removed dtc like this:
apt-get --purge remove dtc
apt-get --purge remove dtc-postfix-courier
...

This should have removed the package(s). Unfortunately, the original install "did stuff" that we're still trying to "un-do". The dtc user is one example of something that doesn't "automatically uninstall". It's benign. It looks like "winbind" is something else that it did.

3. You found this error in "/var/log/audit/audit.log":
Quote:
Failed LOGIN(2) on /dev/tty5' for 'raspino', Authentication failure
pam_winbind (login:auth): getting password (0x00000388)
pam_winbind (login:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR
pam error: PAM_USER_UNKNOWN (10), NTSTATUS: NTSTATUS_NO_SUCH_USER
I suggested removing winbind, but then the "password" option in the GUI disappeared altogether, and you got this error trying to log in:
Quote:
This is what is in the auth.log
PAM adding faulty module: /lib/security/pam_winbind.so
pam_succeed_if (gdm:auth): requirement "user ingroup no passwdlogin" not met by user 'raspino'
"Winbind" allows you to authenticate against a Windows Active Directory server. I believe our goal is to DISABLE it.

TODO:
* Turn SELinux OFF:
vi /etc/selinux/conf:
SELINUX=disabled

* COMMENT OUT any references to winbind in your name resolution configuration:
vi /etc/nsswitch.conf:
# /tmp/.winbindd/pipe
# /var/run/samba/winbindd_privileged/pipe
# /lib/libnss_winbind.so.X
# /var/run/samba/winbindd_idmap.tdb
# /var/run/samba/winbindd_cache.tdb
... <= COMMENT OUT anything with "winbind" in it!

* COMMENT OUT any references to "winbind" or "Active Directory" from your Samba configuration:
vi /etc/smb.conf =>
[global]
# security = ads
# realm = LAB.EXAMPLE.COM
# password server = 10.0.0.1
...
# winbind enum users = yes
# winbind enum groups = yes
...
# winbind use default domain = yes

* RE-INSTALL the Winbind package
apt-get install winbind
<= I think you need it - we just want to make sure it's DISABLED

* Reboot and double-check your configuration
<= Make sure /etc/nsswitch.conf, /etc/selinux/conf files are still OK

Last edited by paulsm4; 12-12-2010 at 04:28 PM.
 
1 members found this post helpful.
Old 12-12-2010, 05:40 PM   #14
raspino
Member
 
Registered: Jul 2010
Posts: 38

Original Poster
Rep: Reputation: 1
the summary is accurate but the only file/folder I don't see is
/etc/selinux/conf:
 
Old 12-12-2010, 11:34 PM   #15
paulsm4
LQ Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Hi -

One more suggestion. Here are the standard /etc/pam.d configuration files for a fresh install of Ubuntu 10.10:
Code:
vi /etc/pam.d/gdm:

%PAM-1.0
auth    requisite       pam_nologin.so
auth    required        pam_env.so readenv=1
auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
auth    optional        pam_gnome_keyring.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required        pam_limits.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional        pam_gnome_keyring.so auto_start
@include common-password
Code:
vi /etc/pam.d/gdm-autologin:

%PAM-1.0
auth    requisite       pam_nologin.so
auth    required        pam_env.so readenv=1
auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
auth    required        pam_permit.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required        pam_limits.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
@include common-password
Code:
vi /etc/pam.d/login (comments stripped for readability):

auth       optional   pam_faildelay.so  delay=3000000
# auth       required   pam_issue.so issue=/etc/issue (Note: THIS IS COMMENTED OUT)
auth       required  pam_securetty.so
auth       requisite  pam_nologin.so
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session       required   pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth       optional   pam_group.so
# account    requisite  pam_time.so (Note: BOTH OF THESE ARE COMMENTED OUT)
# account  required       pam_access.so
session    required   pam_limits.so
session    optional   pam_lastlog.so
session    optional   pam_mail.so standard
@include common-account
@include common-session
@include common-password
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
PS:
I don't have an "/etc/selinux/conf" in my new Ubuntu 10.10, either. All I have is an empty "/selinux" root directory. So I guess we can safely assume SELinux isn't an issue
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to login to NIS client machine(Ubuntu) using NIS login user name crazymoonboy Linux - Server 10 05-08-2015 07:28 AM
Unable to login a ubuntu 9.04 jaunty jackalope muba Linux - Networking 2 05-17-2010 07:26 AM
Unable to login a ubuntu 9.04 jaunty jackalope muba Linux - Desktop 2 05-17-2010 07:19 AM
Unable to login after rebooting in UBUNTU ramesh14 Linux - Networking 1 12-09-2009 04:42 AM


All times are GMT -5. The time now is 07:44 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration