You are not logged in.
I have three laptops all running Arch and I updated all of them twice in the last month or so. The first time I updated (most likely when pam was updated) them I had to remove references to pam_tally to get to working login on all machines. And the second time I updated, did not need any changes (most likely when pambase was updated).
Sometime in the last month or so, I lost the capability to login into one of the machines. All other machines work fine. One of them that I do not login that often to, has lost the access. I can do root login on the terminal, I can do key based ssh login, but non-root login on terminal, login via SDDM and password based ssh login does not work.
I have compared the /etc/pam.d contents between working and broken machines and do not see any differences except additional gdm abd lightdm files on one of them.
Checked https://bugs.archlinux.org/task/67369 and I do have readenv at the end. Here is my system-login
#%PAM-1.0
auth required pam_shells.so
auth requisite pam_nologin.so
auth include system-auth
#sehejmeher auth login
auth include sehejmeher-login
account required pam_access.so
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_loginuid.so
session optional pam_keyinit.so force revoke
session include system-auth
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so dir=/var/spool/mail standard quiet
-session optional pam_systemd.so
session required pam_env.so user_readenv=1
#sehejmeher session login
session include sehejmeher-login
sehejmeher-login is my script that mounts encrypted home at login and I have tried removing that, it does not help.
Last edited by coolgoose54 (2020-09-16 00:07:43)
Offline
https://bugs.archlinux.org/task/67636 ?
There's also https://bugs.archlinux.org/task/67644
Otherwise please post a complete system journal covering a failed login attempt.
Online
Thanks for the quick response.
I looked at https://bugs.archlinux.org/task/67644 but still get login failure after running faillock --user $USER --reset
$ sudo journalctl -f
Sep 15 18:31:10 HOSTNAME audit[8985]: USER_AUTH pid=8985 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="USERNAME" exe="/usr/bin/sshd" hostname=192.168.1.55 addr=192.168.1.55 terminal=ssh res=failed'
Sep 15 18:31:10 HOSTNAME kernel: kauditd_printk_skb: 1 callbacks suppressed
Sep 15 18:31:10 HOSTNAME kernel: audit: type=1100 audit(1600209070.202:237): pid=8985 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="USERNAME" exe="/usr/bin/sshd" hostname=192.168.1.55 addr=192.168.1.55 terminal=ssh res=failed'
Sep 15 18:31:11 HOSTNAME sshd[8985]: Failed password for USERNAME from 192.168.1.55 port 44098 ssh2
Sep 15 18:31:13 HOSTNAME sshd[8985]: Connection closed by authenticating user USERNAME 192.168.1.55 port 44098 [preauth]
I have also looked at https://bugs.archlinux.org/task/67636 and tried moving pam_env.so line in system-login to the end, setting user_readenv=0
Interestingly enough, my encrypted home directories are mounted properly, thus password is correct and my pam_exec script is running fine.
Trying to login on the terminal I get
$sudo journalctl -f
Sep 15 19:00:18 HOSTNAME audit[1112]: USER_AUTH pid=1112 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="USERNAME" exe="/usr/bin/login" hostname=HOSTNAME addr=? terminal=tty2 res=failed'
Sep 15 19:00:18 HOSTNAME kernel: audit: type=1100 audit(1600210818.391:211): pid=1112 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="USERNAME" exe="/usr/bin/login" hostname=HOSTNAME addr=? terminal=tty2 res=failed'
Sep 15 19:00:19 HOSTNAME systemd[1]: getty@tty2.service: Succeeded.
Sep 15 19:00:19 HOSTNAME kernel: audit: type=1131 audit(1600210819.584:212): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME systemd[1]: getty@tty2.service: Scheduled restart job, restart counter is at 1.
Sep 15 19:00:19 HOSTNAME systemd[1]: Stopped Getty on tty2.
Sep 15 19:00:19 HOSTNAME audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME systemd[1]: Started Getty on tty2.
Sep 15 19:00:19 HOSTNAME audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME kernel: audit: type=1130 audit(1600210819.608:213): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME kernel: audit: type=1131 audit(1600210819.608:214): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME kernel: audit: type=1130 audit(1600210819.608:215): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Last edited by coolgoose54 (2020-09-15 23:04:25)
Offline
I tried downgrading pambase to pambase-20200721.1-1 and pambase-20190105.1-2 but that too did not help, thus reverted back to latest pambase. Another thing I found out is that an old admin (wheel group) account can login via ssh using password, while regular non-admin users cannot. I tried adding a test regular account to wheel but did not help either. With all these symptoms, it sounds like permissions issue to me.
Offline
Found the issue, it was pam_shells, regular accounts were using /usr/bin/bash as shell as compared to admin accounts using /bin/bash
Offline
If anybody has the same problem you could try the following two things:
1. Check if you have a /etc/pam.d/system-login.pacnew file. If so rename the file:
mv /etc/pam.d/system-login{.pacnew,}
2. Check the root default shell
# cat /etc/shells
# grep root /etc/passwd
If it is not a valid shell change the default shell:
# usermod --shell /usr/bin/bash root
Offline