Summary: | vmware-server-1.0.0.28343 - vmware-authd root authentication failure | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Erik R. Jensen <erikrj> |
Component: | New packages | Assignee: | Gentoo VMWare Bug Squashers [disabled] <vmware+disabled> |
Status: | RESOLVED TEST-REQUEST | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | 2006.0 | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | new vmware-server ebuild in testing by drobbins |
Description
Erik R. Jensen
2006-08-09 08:55:50 UTC
Erik, please ensure that your root user is a member of the vmware group. All users authenticating externally must be a member of the vmware group, even if they're root. If that cures the problem, please report it back here and I'll mark this bug fixed. If you're still experiencing difficulties, let me know and I'll look into it further... 5:) The root user is a member of the vmware group. You will notice that it is pam_unix causing the authentication to fail and not the pam_listfile which is responsible for ensuring only users in the vmware group can authenticate. If it the vmware group was the issue, I would have seen this error: Aug 9 09:18:49 [xinetd] START: vmware-authd pid=7888 from=127.0.0.1 Aug 9 09:18:50 [vmware-authd] PAM-listfile: Refused user root for service vmware-authd Aug 9 09:18:50 [xinetd] EXIT: vmware-authd status=1 pid=7888 duration=1(sec) As a temporary very insuecure measure I added auth sufficient pam_rootok.so to the top of the /etc/pam.d/vmware-authd file and I was able to get in, so I think the problem is definitely not the vmware group and must be related to something in the pam configuration for vmware-authd. Unfortunately, I'm not a pam guru. Well, you're doing better than me, I didn't even spot that pam_unix in there! I'm also not a pam expert unfortunately, so I'll have to consult some people. I'm a little confused as to the error message occurring for pam_unix rather than pam_unix_acct, since pam_unix is only sufficient in each case (which presumably means if it succeeds, then you're in, but if it fails, it tries the pam_unix_acct module). As such, it shouldn't really report a failure, the last module that fails should. The best that I can suggest for the moment is to double check that the /etc/vmware/vmwaregroup file exists, and contains the word "vmware" and that root is a member of vmware. Could you also please check whether you can authenticate with normal users? It will tell us if there's something special about the root account, or if all accounts are failing... Yes it appears I can authenticate with normal users. It seems that the errors only apply when root logs in. Erik, sorry for the long delay, but I just had another idea. Could you please check through your PAM configuration and look for anywhere that root might specifically be denied? I imagine the only other place it might be is in your PAM default configuration. I don't know PAM well enough to tell you where to look immediately, but the message is definitely getting to vmware-authd (so it's unlikely to be an xinetd issue). Please also provide a list of the users in the vmware group (cat /etc/group | grep vmware), and errr, I dunno, anything else you can think of that might be important! 5:) Erik, managed to make any headway with the problem? I have not had a chance to look at this. I have a workaround in place. I will attempt upgrading vmware-server this next week and hope it resolves the issue. I apologize. Created attachment 111865 [details]
new vmware-server ebuild in testing by drobbins
sorry, browser/me messed up. Ignore that attachment - wrong bug #. Bug cleaning, marking this as TEST-REQUEST until Erik gets back to us... |