1 2 Previous Next 16 Replies Latest reply: Feb 11, 2013 6:31 PM by 946717 RSS

    cannot login the system from console by using any users

    946717
      oracle linux 6.3 on HP proliant

      I tried root user id and also regular user id's, all not working. I got login and password prompt, but as soon as i enter both in, i got login prompt again.

      I tried a lot of different thing, /etc/securetty, etc...

      thanks,
        • 1. Re: cannot login the system from console by using any users
          946717
          dont know why, but the following line in /etc/pam.d/login is causing the issue, once comment it out, it works fine.

          session include system-auth
          • 2. Re: cannot login the system from console by using any users
            Catch 22
            A session module is used after a user has been authenticated and performs additional tasks which are needed to allow access, for example, mounting the user's home directory or making their mailbox available.

            If your /etc/pam.d/login is indeed the problem I suggest you restore a backup.

            Below is the content of a default OL 6.3 installation, which works:

            <pre>
            [root@vm023 pam.d]# cat login
            #%PAM-1.0
            auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
            auth include system-auth
            account required pam_nologin.so
            account include system-auth
            password include system-auth
            # pam_selinux.so close should be the first session rule
            session required pam_selinux.so close
            session required pam_loginuid.so
            session optional pam_console.so
            # pam_selinux.so open should only be followed by sessions to be executed in the user context
            session required pam_selinux.so open
            session required pam_namespace.so
            session optional pam_keyinit.so force revoke
            session include system-auth
            -session optional pam_ck_connector.so
            </pre>

            I have no idea what -session in front of the pam_ck_connector.so is supposed to do, which seems apparent in all 6.x installations, but it does not stop users from login in.
            • 3. Re: cannot login the system from console by using any users
              946717
              I AM using the default file, have not made any chnages to it, the same one as you post here. I have to comment out the ine before the last one,
              #session include system-auth
              then I am fine, otherwise, i am not able to.

              Edited by: 943714 on Feb 9, 2013 2:19 PM
              • 4. Re: cannot login the system from console by using any users
                Catch 22
                Please describe how you login, e.g. console, ssh, etc. If you use ssh, try ssh -vv for more verbose information. If you can access the console, check the log files /var/log/messages and /var/log/secure for any clues.
                • 5. Re: cannot login the system from console by using any users
                  946717
                  The followings are messages in /var/log/secure. Again, if I commented out the line before the last one in /etc/pam.d/login, then eveything is fine. /etc/security/limits.conf file is the same with the other system and that system is alright:


                  eb 6 16:35:43 sysxyz login: pam_limits(login:session): cannot read settings from /etc/security/limits.conf: Permission denied
                  Feb 6 16:35:43 sysxyz login: pam_limits(login:session): error parsing the configuration file: '/etc/security/limits.conf'
                  Feb 6 16:35:43 sysxyz login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
                  Feb 6 16:35:44 sysxyz login: Error in service module
                  Feb 6 16:35:49 sysxyz login: pam_limits(login:session): cannot read settings from /etc/security/limits.conf: Permission denied
                  Feb 6 16:35:49 sysxyz login: pam_limits(login:session): error parsing the configuration file: '/etc/security/limits.conf'
                  Feb 6 16:35:49 sysxyz login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
                  Feb 6 16:35:49 sysxyz login: Error in service module
                  • 6. Re: cannot login the system from console by using any users
                    Catch 22
                    cannot read settings from /etc/security/limits.conf: Permission denied
                    That seems to be the problem.

                    Can you show the following output as root:

                    # id
                    # ls -l /etc/security/limits.conf
                    # ls -ld /etc
                    # sestatus
                    • 7. Re: cannot login the system from console by using any users
                      946717
                      The following is outputs. Thank you very much for your time.


                      [root@sysxyz ~]# id
                      uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
                      [root@sysxyz ~]# ls -l /etc/security/limits.conf
                      -rw-r--r--. 1 root root 2623 Jun 8 2011 /etc/security/limits.conf
                      [root@sysxyz ~]# ls -ld /etc
                      drwxr-xr-x. 124 root root 12288 Feb 9 16:44 /etc
                      [root@sysxyz ~]# sestatus
                      SELinux status: enabled
                      SELinuxfs mount: /selinux
                      Current mode: enforcing
                      Mode from config file: enforcing
                      Policy version: 26
                      Policy from config file: targeted
                      • 8. Re: cannot login the system from console by using any users
                        946717
                        Additional symptom: as soon as I enter login id and password on Console, it will get the following message, and very quickly go back to login prompt again. This sumptom doesn't happen if I use putty and ssh to login, only on console.

                        Error in service module
                        • 9. Re: cannot login the system from console by using any users
                          Catch 22
                          Can you login using the following in a terminal window on the server:

                          # ssh root@localhost
                          • 10. Re: cannot login the system from console by using any users
                            946717
                            Yes, I can without any problems.
                            • 11. Re: cannot login the system from console by using any users
                              Catch 22
                              Does the problem continue after typing the following:

                              # restorecon -v './limits.conf'

                              And if it still persists, how about after setting SElinux to permissive mode:

                              # echo 0 >/selinux/enforce
                              • 12. Re: cannot login the system from console by using any users
                                946717
                                the issue is fixed by using your first suggested command. What does 'restorecon..' do? this command did not chnage anything in limits.conf file, but got the following output. What changes being made as the result of running this command? Thank you so much for your help!

                                # restorecon -v './limits.conf'
                                restorecon reset /etc/security/limits.conf context unconfined_u:object_r:user_tmp_t:s0->unconfined_u:object_r:etc_t:s0

                                Edited by: 943714 on Feb 10, 2013 10:42 AM
                                • 13. Re: cannot login the system from console by using any users
                                  Catch 22
                                  It was more or less a guess that SElinux was the issue and that limits.conf might be the culprit. Perhaps you renamed or restored the root volume, which can cause SELinux labeling issues. The restorecon command restores the default SELinux security context for the specified file.
                                  • 14. Re: cannot login the system from console by using any users
                                    946717
                                    root lvm is the same, we did not make changes to it. I don't know much about SELinux. Would you please explain to me on what went wrong here with SELinux? and what changes did restorecon make and fix the issue? We made some changes to limits.conf, had these changes caused the problem? but there are no any change being made after running 'recovercon'. the following are changes we made to limits.conf:
                                    # diff limits.conf limits.conf.orig
                                    46c46
                                    < oracle soft nofile 131072
                                    ---
                                    oracle soft nofile 1024
                                    49c49
                                    < oracle hard nofile 131072
                                    ---
                                    oracle hard nofile 65536
                                    62,67d61
                                    <
                                    < oracle hard memlock 50000000
                                    < oracle soft core unlimited
                                    < oracle hard core unlimited
                                    < oracle hard nproc 131072
                                    < oracle soft nproc 131072

                                    If you have time, please let me know, otherwise, this issue is resolved and thank you very much for your times.

                                    Edited by: 943714 on Feb 11, 2013 4:11 AM

                                    Edited by: 943714 on Feb 11, 2013 6:51 AM
                                    1 2 Previous Next