I emerged vmware-server-1.0.0.28343.ebuild. All went well on the install, but I am unable to authenticate correctly to vmware-authd with the vmware-server-console. Below is the syslog output:

Aug 9 09:51:26 [vmware-authd(pam_unix)] authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Aug 9 09:51:28 [vmware-authd(pam_unix)] 1 more authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Aug 9 09:51:28 [xinetd] EXIT: vmware-authd status=1 pid=10624 duration=3(sec)

I'm logging in as root and I am using the correct password. I'm also not doing anything fancy in pam and using the default vmware-authd pam configuration. Below is the pam configuration:

#%PAM-1.0
auth sufficient pam_unix.so shadow nullok
auth required pam_unix_auth.so shadow nullok
account required pam_listfile.so item=group sense=allow file=/etc/vmware/vmwaregroup onerr=fail
account sufficient pam_unix.so
account required pam_unix_acct.so

I hope I'm not just overlooking something obvious and that this is an actual problem with the pam configuration the ebuild lays down. Thanks. Below is my emerge --info output.
quinn pam.d # emerge --info
Portage 2.1-r1 (default-linux/x86/2006.0, gcc-3.3.6, glibc-2.3.6-r4, 2.6.12-gentoo-r6-e0 i686)
=================================================================
System uname: 2.6.12-gentoo-r6-e0 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz
Gentoo Base System version 1.6.15
app-admin/eselect-compiler: [Not Present]
dev-lang/python: 2.3.5, 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O3 -march=pentium4 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O3 -march=pentium4 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 alsa apache2 apm arts avi berkdb bitmap-fonts cli crypt cups dba dlloader dri eds emboss encode esd foomaticdb fortran gd gdbm gif gpm gstreamer imagemagick imap imlib ipv6 isdnlog java jpeg ldap libg++ libwww mad mikmod motif mp3 mpeg mysql ncurses nls nomalloccheck nptl ogg opengl oss pam pcre pdflib perl png postgres pppd python qt3 qt4 quicktime readline reflection sasl session spell spl sse ssl tcpd truetype truetype-fonts type1-fonts udev vorbis xml xmms xorg xv zlib elibc_glibc input_devices_keyboard input_devices_mouse input_devices_evdev kernel_linux userland_GNU"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Erik, please ensure that your root user is a member of the vmware group. All users authenticating externally must be a member of the vmware group, even if they're root. If that cures the problem, please report it back here and I'll mark this bug fixed. If you're still experiencing difficulties, let me know and I'll look into it further... 5:)
The root user is a member of the vmware group. You will notice that it is pam_unix causing the authentication to fail and not the pam_listfile which is responsible for ensuring only users in the vmware group can authenticate. If the vmware group was the issue, I would have seen this error:

Aug 9 09:18:49 [xinetd] START: vmware-authd pid=7888 from=127.0.0.1
Aug 9 09:18:50 [vmware-authd] PAM-listfile: Refused user root for service vmware-authd
Aug 9 09:18:50 [xinetd] EXIT: vmware-authd status=1 pid=7888 duration=1(sec)

As a temporary very insecure measure I added

auth sufficient pam_rootok.so

to the top of the /etc/pam.d/vmware-authd file and I was able to get in, so I think the problem is definitely not the vmware group and must be related to something in the pam configuration for vmware-authd. Unfortunately, I'm not a pam guru.
Well, you're doing better than me, I didn't even spot that pam_unix in there! I'm also not a pam expert unfortunately, so I'll have to consult some people. I'm a little confused as to the error message occurring for pam_unix rather than pam_unix_acct, since pam_unix is only sufficient in each case (which presumably means if it succeeds, then you're in, but if it fails, it tries the pam_unix_acct module). As such, it shouldn't really report a failure, the last module that fails should. The best that I can suggest for the moment is to double check that the /etc/vmware/vmwaregroup file exists, and contains the word "vmware" and that root is a member of vmware. Could you also please check whether you can authenticate with normal users? It will tell us if there's something special about the root account, or if all accounts are failing...
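The control-flag behaviour discussed in the two comments above, as an added example that is not part of the original bug thread: a simplified Python model of how Linux-PAM walks a stack, run on the posted vmware-authd file with and without the pam_rootok line. The per-module outcomes are constructed inputs, not results from the reporter's machine, and bracketed [value=action] controls are not modelled.

```python
# Added example: simplified model of Linux-PAM control flags
# (required / requisite / sufficient / optional only).

SHIPPED = """#%PAM-1.0
auth sufficient pam_unix.so shadow nullok
auth required pam_unix_auth.so shadow nullok
account required pam_listfile.so item=group sense=allow file=/etc/vmware/vmwaregroup onerr=fail
account sufficient pam_unix.so
account required pam_unix_acct.so
"""
# The reporter's temporary workaround: one extra line at the top of the file.
WORKAROUND = "auth sufficient pam_rootok.so\n" + SHIPPED

def parse_stack(text, facility):
    """Return [(control, module)] for one facility ('auth', 'account', ...)."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments and blank lines
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, outcomes):
    """outcomes maps module -> True (success) / False (failure).
    Returns (granted, modules_consulted)."""
    failed = succeeded = False
    consulted = []
    for control, module in stack:
        ok = outcomes[module]
        consulted.append(module)
        if ok:
            succeeded = True
            # sufficient + success ends the stack, unless a required module failed earlier
            if control == "sufficient" and not failed:
                return True, consulted
        elif control == "requisite":
            return False, consulted        # fail immediately
        elif control == "required":
            failed = True                  # remembered; later modules still run
        # a failing sufficient/optional module is ignored
    return succeeded and not failed, consulted

def demo():
    # Constructed outcomes: both password modules reject the login, as in the
    # syslog excerpt. pam_rootok succeeds whenever the calling process has real
    # uid 0 (the log shows uid=0), whatever password was supplied.
    outcomes = {"pam_unix.so": False, "pam_unix_auth.so": False, "pam_rootok.so": True}
    return (evaluate(parse_stack(SHIPPED, "auth"), outcomes),
            evaluate(parse_stack(WORKAROUND, "auth"), outcomes))

if __name__ == "__main__":
    print(demo())
```

In the second result only pam_rootok.so is consulted, so the password modules are never reached; that is why the workaround is insecure and should be removed once the underlying failure is fixed.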
Yes it appears I can authenticate with normal users. It seems that the errors only apply when root logs in.
Erik, sorry for the long delay, but I just had another idea. Could you please check through your PAM configuration and look for anywhere that root might specifically be denied? I imagine the only other place it might be is in your PAM default configuration. I don't know PAM well enough to tell you where to look immediately, but the message is definitely getting to vmware-authd (so it's unlikely to be an xinetd issue). Please also provide a list of the users in the vmware group (cat /etc/group | grep vmware), and errr, I dunno, anything else you can think of that might be important! 5:)
Erik, managed to make any headway with the problem?
I have not had a chance to look at this. I have a workaround in place. I will attempt upgrading vmware-server this next week and hope it resolves the issue. I apologize.
Created attachment 111865 new vmware-server ebuild in testing by drobbins
Sorry, browser/me messed up. Ignore that attachment - wrong bug #.
Bug cleaning, marking this as TEST-REQUEST until Erik gets back to us...