Help me on Cron job error

mhrlive · 09-25-2012, 04:54 PM

Hello,
Im new here and beginner on CentOS so helps are appreciated,
The problem is that everytime when a cronjob run I get this error on the log:

Code:

Sep 25 22:29:01 host crond[1821]: Cannot make/remove an entry for the specified session
Sep 25 22:29:01 host crond[1821]: CRON (root) ERROR: failed to open PAM security session: Success
Sep 25 22:29:01 host crond[1821]: CRON (root) ERROR: cannot set security context

Note that the command line run normally from SSH command.
And the same script was running fine on another hosting.

update:
here is what /var/log/secure log file show:

Quote:

Sep 25 23:56:01 host crond[32016]: PAM pam_parse: expecting return value; [...requires]
Sep 25 23:56:01 host crond[32016]: PAM unable to dlopen(/lib/security/pam_winbind.so)
Sep 25 23:56:01 host crond[32016]: PAM [error: /lib/security/pam_winbind.so: cannot open shared object file: No such file or directory]
Sep 25 23:56:01 host crond[32016]: PAM adding faulty module: /lib/security/pam_winbind.so
Sep 25 23:56:01 host crond[32016]: pam_loginuid(crond:session): set_loginuid failed
Sep 25 23:56:01 host crond[32016]: pam_unix(crond:session): session opened for user root by (uid=0)
Sep 25 23:56:01 host crond[32016]: pam_unix(crond:session): session closed for user root

TB0ne · 09-25-2012, 05:05 PM

Quote:

Originally Posted by mhrlive

Hello,
Im new here and beginner on CentOS so helps are appreciated,
The problem is that everytime when a cronjob run I get this error on the log:

Code:

Sep 25 22:29:01 host crond[1821]: Cannot make/remove an entry for the specified session
Sep 25 22:29:01 host crond[1821]: CRON (root) ERROR: failed to open PAM security session: Success
Sep 25 22:29:01 host crond[1821]: CRON (root) ERROR: cannot set security context

Note that the command line run normally from SSH command.
And the same script was running fine on another hosting.

...and unless you post the script and give us details about it, there's little we can do. Those error(s) are in the script itself, not cron. Best guess would be it's either running as root and needs to run as another user, or that there's an inherited environment variable in your shell, that's not present in CRON.

Post the script and we might be able to help.

mhrlive · 09-25-2012, 05:16 PM

Quote:

Originally Posted by TB0ne

...and unless you post the script and give us details about it, there's little we can do. Those error(s) are in the script itself, not cron. Best guess would be it's either running as root and needs to run as another user, or that there's an inherited environment variable in your shell, that's not present in CRON.

Post the script and we might be able to help.

here is the line to run GET http://*****/local_service.php >/dev/null 2>&1

and here is the PAM configuration for cron:

Code:

#
# The PAM configuration file for the cron daemon
#
#
auth	   sufficient pam_env.so
auth       required   pam_rootok.so
auth       include    system-auth
account    required   pam_access.so
account    include    system-auth
session    required   pam_loginuid.so
session    include    system-auth

please help

unSpawn · 09-25-2012, 07:27 PM

Start by removing "pam_winbind.so" from /etc/pam.d/system-auth?

mhrlive · 09-26-2012, 06:31 AM

Quote:

Originally Posted by unSpawn

Start by removing "pam_winbind.so" from /etc/pam.d/system-auth?

Tried that and doesn't help :/
How can I remove the crond package and reinstall it ?

unSpawn · 09-26-2012, 07:15 AM

Quote:

Originally Posted by mhrlive

Tried that and doesn't help

"Doesn't help" is not a diagnostic message we can do anything with. Instead post /var/log/secure and /var/log/cron output like you did before.

Quote:

Originally Posted by mhrlive

How can I remove the crond package and reinstall it ?

With Linux there's rarely reason to remove and re-install software as it may disrupt services and it's, with all due respect, a reflex people learnt using a certain other OS. Please get used to troubleshooting things properly and that starts with diagnosing things properly.

mhrlive · 09-26-2012, 07:53 AM

Quote:

Originally Posted by unSpawn

"Doesn't help" is not a diagnostic message we can do anything with. Instead post /var/log/secure and /var/log/cron output like you did before.

With Linux there's rarely reason to remove and re-install software as it may disrupt services and it's, with all due respect, a reflex people learnt using a certain other OS. Please get used to troubleshooting things properly and that starts with diagnosing things properly.

Thanks for the replay as I montion Im a beginner,
the /var/log/secure show everytime cron job is launched:

Code:

Sep 26 13:37:01 host crond[23327]: PAM unable to resolve symbol: pam_sm_acct_mgmt
Sep 26 13:37:01 host crond[23328]: PAM unable to resolve symbol: pam_sm_acct_mgmt
Sep 26 13:37:01 host crond[23327]: pam_loginuid(crond:session): set_loginuid failed
Sep 26 13:37:01 host crond[23327]: pam_unix(crond:session): session opened for user root by (uid=0)
Sep 26 13:37:01 host crond[23327]: pam_unix(crond:session): session closed for user root
Sep 26 13:37:01 host crond[23328]: pam_loginuid(crond:session): set_loginuid failed
Sep 26 13:37:01 host crond[23328]: pam_unix(crond:session): session opened for user apache by (uid=0)
Sep 26 13:37:01 host crond[23328]: pam_unix(crond:session): session closed for user apache

and the cron log show :

Code:

Sep 25 22:29:01 host crond[1821]: Cannot make/remove an entry for the specified session
Sep 25 22:29:01 host crond[1821]: CRON (root) ERROR: failed to open PAM security session: Success
Sep 25 22:29:01 host crond[1821]: CRON (root) ERROR: cannot set security context

unSpawn · 09-26-2012, 08:26 AM

Quote:

Originally Posted by mhrlive

the /var/log/secure show everytime cron job is launched:

Code:

Sep 26 13:37:01 host crond[23327]: PAM unable to resolve symbol: pam_sm_acct_mgmt
Sep 26 13:37:01 host crond[23328]: PAM unable to resolve symbol: pam_sm_acct_mgmt
Sep 26 13:37:01 host crond[23327]: pam_loginuid(crond:session): set_loginuid failed
Sep 26 13:37:01 host crond[23327]: pam_unix(crond:session): session opened for user root by (uid=0)

So nothing has changed in /var/log/cron. Good. One down, one to go.

What kernel are you running?

Code:

uname -a

And please attach as plain text file the "/tmp/rpmv.log" from running:

Code:

rpm --nodeps --noscripts -vV $(rpm --qf="%{NAME}\n" -qf /etc/pam.d/*|grep -v owned|sort -u)|\
grep -v "\.\{8\}"|grep "^.*5.*etc/pam.d"|awk '{ { system("cat "$NF); } }' 2>&1|tee /tmp/rpmv.log

Quote:

Originally Posted by mhrlive

Code:

Sep 26 13:37:01 host crond[23328]: pam_unix(crond:session): session opened for user apache by (uid=0)
Sep 26 13:37:01 host crond[23328]: pam_unix(crond:session): session closed for user apache

BTW, please explain what cron jobs Apache is running here?

mhrlive · 09-26-2012, 03:36 PM

Quote:

Originally Posted by unSpawn

So nothing has changed in /var/log/cron. Good. One down, one to go.

What kernel are you running?

Code:

uname -a

And please attach as plain text file the "/tmp/rpmv.log" from running:

Code:

rpm --nodeps --noscripts -vV $(rpm --qf="%{NAME}\n" -qf /etc/pam.d/*|grep -v owned|sort -u)|\
grep -v "\.\{8\}"|grep "^.*5.*etc/pam.d"|awk '{ { system("cat "$NF); } }' 2>&1|tee /tmp/rpmv.log

BTW, please explain what cron jobs Apache is running here?

Hello again,
The cron log still show the same error:

Code:

Sep 26 16:18:01 host crond[9092]: Cannot make/remove an entry for the specified session
Sep 26 16:18:01 host crond[9092]: CRON (root) ERROR: failed to open PAM security session: Success
Sep 26 16:18:01 host crond[9092]: CRON (root) ERROR: cannot set security context

uname -a return :

Code:

Linux host.****.com 2.6.32-5-vserver-amd64 #1 SMP Sun May 6 06:53:58 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

rpmv log :

Code:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so try_first_pass nullok
auth        required      pam_deny.so

account     required      pam_unix.so

password    required      pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so try_first_pass use_authtok nullok md5
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

also here what I found on the /var/log/secure when cron job run:

Quote:

Sep 26 16:56:01 host crond[2071]: pam_loginuid(crond:session): set_loginuid failed

The cron job is a script to save data (stats) to the DB every one hour.. tried everything I found on google search for three days but nothing fixed the error, please help time press I have to fix this before Saturday :/

mhrlive · 09-27-2012, 06:31 AM

Hello guys, good news

I managed to resolve the problem, only by commenting any line with "session required pam_loginuid.so" on the files in /etc/pam.d/

Code:

/etc/pam.d/crond:session required pam_loginuid.so
/etc/pam.d/login:session required pam_loginuid.so
/etc/pam.d/remote:session required pam_loginuid.so
/etc/pam.d/sshd:session required pam_loginuid.so

I dont know the exact file or files that resolve the problem, may be the crond I will check later, but now the cronjob run smooth and clean, wish this help future visitors on this page with similar problem.