Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I have Fedora Core 5 and at some point in the past few weeks something has changed, to the effect that normal users cannot log in.
(Possibly, something done by a yum update caused this; I was chasing another problem at the time* and cannot be more specific about the source of the trouble.)
I found a detailed discussion on Tech Republic but no resolution to that person's problems. My symptoms are identical:
Root can log it both on GUI or command line. No user other than root can log in.
On a GUI log in attempt, an "Authentication failed" error box pops up. On command line, the error message "Error in service module" appears, very briefly, and the command line interface clears to the next log in attempt.
Interestingly, at the command line the response differs for a valid verus and invalid password attempt:
For the username's valid password, the "Error in service module" appears briefly then the login screen resets to a first-log in attempt.
For the username's password entered incorrectly, "Incorrect password" appears, does not blank and a new login attempt is presented.
It looks like something in the system recognizes the correct password -- but it does not permit login.
Other discussion have revolved around SELinux versus PAM. I have SELinux set to Disabled. It has been that way for a long time, and I don't think it has anything to do with this problem.
Entering the command: # tail -100 /var/log/messages reveals that
[pam_winbind] request failed, but PAM error 0!
[pam_winbind] internal module error (retval = 3, user = 'username')
appears at each attempted login (with the username's correct password.
Interestingly, I have a CRON job with fired off within the time period of the tail end of the logfile, and
[crond] Error in service module
[crond] CRON (username) ERROR: failed to open PAM security session: Success
[crond] CRON (username) ERROR: cannot set security context
appears within the last couple of lines of the logfile.
The other discussion suggested using 'trace' (or 'strace') to get a dump on what's happening to the command
# su - username
but it seems my system does not have either trace or strace installed.
Here is my /etc/pam.d/login file:
auth required pam_securetty.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so open
just now copied off my system.
I have tried creating testusers, and the results are the same.
I can (and have) modified the user accounts either from the GUI User Manager, or by setting passwords from command line passwd. From everthing I can tell, it seems all the changes are being entered properly. That is, the /etc/passwd and the /etc/shadow files both seem to be in order. (Changes can be detected in these file when entered in User Manager, and so on.)
Does anyone have any idea what might be going wrong here? Thanks,
(P.S. * That "other problem" was that the message bus took over ten minutes to start on boot up, and essentially the Power Manager utility really prevented use of the GUI for normal users. After a lot of searching, I found on another board to disable LDAP in various conf files, and that cleared the problem. But I had the message bus / LDAP problem for over two months before this inability to log in showed up, and now I have cleared the LDAP problem but still cannot authenticate a log in password. I really don't think the two are connected, but wanted to mention it here just in case I'm wrong.)
Here's the contents of my file as it now exists:
What should it look like? What does this file do?
As stated earlier, I have SELinux disabled, so I am sure that has nothing to do with it. In any case, nothing has changed with SELinux; it was disabled before I moved from FC4 to FC5, and at first (in FC5) I did not experience this trouble logging in.
I noticed that there is an uncommented line dealing with pam_selinux even though you said you disabled selinux, however it is a system group control. You may want to read through your system-auth file that pam.login includes. The errors in /var/log/messages indicates a winbind problem. Is the winbind service running. What does samba use for account information. It is possibly a networking problem if for example another server supplies account information.
I know this thread is a little old, but I wanted to confirm the fix for the aformentioned problem. I had the same problem on FC6 and fixed it in a similar fashion. The only difference is that on my FC6 box, the line reads as follows: