This discussion is archived
1 2 Previous Next 16 Replies Latest reply: Feb 11, 2013 4:31 PM by 946717 RSS

cannot login the system from console by using any users

946717 Newbie
Currently Being Moderated
oracle linux 6.3 on HP proliant

I tried root user id and also regular user id's, all not working. I got login and password prompt, but as soon as i enter both in, i got login prompt again.

I tried a lot of different thing, /etc/securetty, etc...

thanks,
  • 1. Re: cannot login the system from console by using any users
    946717 Newbie
    Currently Being Moderated
    dont know why, but the following line in /etc/pam.d/login is causing the issue, once comment it out, it works fine.

    session include system-auth
  • 2. Re: cannot login the system from console by using any users
    Dude! Guru
    Currently Being Moderated
    A session module is used after a user has been authenticated and performs additional tasks which are needed to allow access, for example, mounting the user's home directory or making their mailbox available.

    If your /etc/pam.d/login is indeed the problem I suggest you restore a backup.

    Below is the content of a default OL 6.3 installation, which works:

    <pre>
    [root@vm023 pam.d]# cat login
    #%PAM-1.0
    auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
    auth include system-auth
    account required pam_nologin.so
    account include system-auth
    password include system-auth
    # pam_selinux.so close should be the first session rule
    session required pam_selinux.so close
    session required pam_loginuid.so
    session optional pam_console.so
    # pam_selinux.so open should only be followed by sessions to be executed in the user context
    session required pam_selinux.so open
    session required pam_namespace.so
    session optional pam_keyinit.so force revoke
    session include system-auth
    -session optional pam_ck_connector.so
    </pre>

    I have no idea what -session in front of the pam_ck_connector.so is supposed to do, which seems apparent in all 6.x installations, but it does not stop users from login in.
  • 3. Re: cannot login the system from console by using any users
    946717 Newbie
    Currently Being Moderated
    I AM using the default file, have not made any chnages to it, the same one as you post here. I have to comment out the ine before the last one,
    #session include system-auth
    then I am fine, otherwise, i am not able to.

    Edited by: 943714 on Feb 9, 2013 2:19 PM
  • 4. Re: cannot login the system from console by using any users
    Dude! Guru
    Currently Being Moderated
    Please describe how you login, e.g. console, ssh, etc. If you use ssh, try ssh -vv for more verbose information. If you can access the console, check the log files /var/log/messages and /var/log/secure for any clues.
  • 5. Re: cannot login the system from console by using any users
    946717 Newbie
    Currently Being Moderated
    The followings are messages in /var/log/secure. Again, if I commented out the line before the last one in /etc/pam.d/login, then eveything is fine. /etc/security/limits.conf file is the same with the other system and that system is alright:


    eb 6 16:35:43 sysxyz login: pam_limits(login:session): cannot read settings from /etc/security/limits.conf: Permission denied
    Feb 6 16:35:43 sysxyz login: pam_limits(login:session): error parsing the configuration file: '/etc/security/limits.conf'
    Feb 6 16:35:43 sysxyz login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
    Feb 6 16:35:44 sysxyz login: Error in service module
    Feb 6 16:35:49 sysxyz login: pam_limits(login:session): cannot read settings from /etc/security/limits.conf: Permission denied
    Feb 6 16:35:49 sysxyz login: pam_limits(login:session): error parsing the configuration file: '/etc/security/limits.conf'
    Feb 6 16:35:49 sysxyz login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
    Feb 6 16:35:49 sysxyz login: Error in service module
  • 6. Re: cannot login the system from console by using any users
    Dude! Guru
    Currently Being Moderated
    cannot read settings from /etc/security/limits.conf: Permission denied
    That seems to be the problem.

    Can you show the following output as root:

    # id
    # ls -l /etc/security/limits.conf
    # ls -ld /etc
    # sestatus
  • 7. Re: cannot login the system from console by using any users
    946717 Newbie
    Currently Being Moderated
    The following is outputs. Thank you very much for your time.


    [root@sysxyz ~]# id
    uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
    [root@sysxyz ~]# ls -l /etc/security/limits.conf
    -rw-r--r--. 1 root root 2623 Jun 8 2011 /etc/security/limits.conf
    [root@sysxyz ~]# ls -ld /etc
    drwxr-xr-x. 124 root root 12288 Feb 9 16:44 /etc
    [root@sysxyz ~]# sestatus
    SELinux status: enabled
    SELinuxfs mount: /selinux
    Current mode: enforcing
    Mode from config file: enforcing
    Policy version: 26
    Policy from config file: targeted
  • 8. Re: cannot login the system from console by using any users
    946717 Newbie
    Currently Being Moderated
    Additional symptom: as soon as I enter login id and password on Console, it will get the following message, and very quickly go back to login prompt again. This sumptom doesn't happen if I use putty and ssh to login, only on console.

    Error in service module
  • 9. Re: cannot login the system from console by using any users
    Dude! Guru
    Currently Being Moderated
    Can you login using the following in a terminal window on the server:

    # ssh root@localhost
  • 10. Re: cannot login the system from console by using any users
    946717 Newbie
    Currently Being Moderated
    Yes, I can without any problems.
  • 11. Re: cannot login the system from console by using any users
    Dude! Guru
    Currently Being Moderated
    Does the problem continue after typing the following:

    # restorecon -v './limits.conf'

    And if it still persists, how about after setting SElinux to permissive mode:

    # echo 0 >/selinux/enforce
  • 12. Re: cannot login the system from console by using any users
    946717 Newbie
    Currently Being Moderated
    the issue is fixed by using your first suggested command. What does 'restorecon..' do? this command did not chnage anything in limits.conf file, but got the following output. What changes being made as the result of running this command? Thank you so much for your help!

    # restorecon -v './limits.conf'
    restorecon reset /etc/security/limits.conf context unconfined_u:object_r:user_tmp_t:s0->unconfined_u:object_r:etc_t:s0

    Edited by: 943714 on Feb 10, 2013 10:42 AM
  • 13. Re: cannot login the system from console by using any users
    Dude! Guru
    Currently Being Moderated
    It was more or less a guess that SElinux was the issue and that limits.conf might be the culprit. Perhaps you renamed or restored the root volume, which can cause SELinux labeling issues. The restorecon command restores the default SELinux security context for the specified file.
  • 14. Re: cannot login the system from console by using any users
    946717 Newbie
    Currently Being Moderated
    root lvm is the same, we did not make changes to it. I don't know much about SELinux. Would you please explain to me on what went wrong here with SELinux? and what changes did restorecon make and fix the issue? We made some changes to limits.conf, had these changes caused the problem? but there are no any change being made after running 'recovercon'. the following are changes we made to limits.conf:
    # diff limits.conf limits.conf.orig
    46c46
    < oracle soft nofile 131072
    ---
    oracle soft nofile 1024
    49c49
    < oracle hard nofile 131072
    ---
    oracle hard nofile 65536
    62,67d61
    <
    < oracle hard memlock 50000000
    < oracle soft core unlimited
    < oracle hard core unlimited
    < oracle hard nproc 131072
    < oracle soft nproc 131072

    If you have time, please let me know, otherwise, this issue is resolved and thank you very much for your times.

    Edited by: 943714 on Feb 11, 2013 4:11 AM

    Edited by: 943714 on Feb 11, 2013 6:51 AM
1 2 Previous Next

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points