[SOLVED] Unable to login (tally already removed)

coolgoose54 · 2020-09-15 13:07:18

I have three laptops all running Arch and I updated all of them twice in the last month or so. The first time I updated (most likely when pam was updated) them I had to remove references to pam_tally to get to working login on all machines. And the second time I updated, did not need any changes (most likely when pambase was updated).

Sometime in the last month or so, I lost the capability to login into one of the machines. All other machines work fine. One of them that I do not login that often to, has lost the access. I can do root login on the terminal, I can do key based ssh login, but non-root login on terminal, login via SDDM and password based ssh login does not work.

I have compared the /etc/pam.d contents between working and broken machines and do not see any differences except additional gdm abd lightdm files on one of them.

Checked https://bugs.archlinux.org/task/67369 and I do have readenv at the end. Here is my system-login

#%PAM-1.0

auth       required   pam_shells.so
auth       requisite  pam_nologin.so
auth       include    system-auth
#sehejmeher auth login
auth            include         sehejmeher-login

account    required   pam_access.so
account    required   pam_nologin.so
account    include    system-auth

password   include    system-auth

session    optional   pam_loginuid.so
session    optional   pam_keyinit.so       force revoke
session    include    system-auth
session    optional   pam_motd.so          motd=/etc/motd
session    optional   pam_mail.so          dir=/var/spool/mail standard quiet
-session   optional   pam_systemd.so
session    required   pam_env.so           user_readenv=1
#sehejmeher session login
session         include         sehejmeher-login

sehejmeher-login is my script that mounts encrypted home at login and I have tried removing that, it does not help.

Last edited by coolgoose54 (2020-09-16 00:07:43)

seth · 2020-09-15 13:16:26

https://bugs.archlinux.org/task/67636 ?
There's also https://bugs.archlinux.org/task/67644

Otherwise please post a complete system journal covering a failed login attempt.

coolgoose54 · 2020-09-15 22:37:09

Thanks for the quick response.

I looked at https://bugs.archlinux.org/task/67644 but still get login failure after running faillock --user $USER --reset

$ sudo journalctl -f
Sep 15 18:31:10 HOSTNAME audit[8985]: USER_AUTH pid=8985 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="USERNAME" exe="/usr/bin/sshd" hostname=192.168.1.55 addr=192.168.1.55 terminal=ssh res=failed'
Sep 15 18:31:10 HOSTNAME kernel: kauditd_printk_skb: 1 callbacks suppressed
Sep 15 18:31:10 HOSTNAME kernel: audit: type=1100 audit(1600209070.202:237): pid=8985 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="USERNAME" exe="/usr/bin/sshd" hostname=192.168.1.55 addr=192.168.1.55 terminal=ssh res=failed'
Sep 15 18:31:11 HOSTNAME sshd[8985]: Failed password for USERNAME from 192.168.1.55 port 44098 ssh2
Sep 15 18:31:13 HOSTNAME sshd[8985]: Connection closed by authenticating user USERNAME 192.168.1.55 port 44098 [preauth]

I have also looked at https://bugs.archlinux.org/task/67636 and tried moving pam_env.so line in system-login to the end, setting user_readenv=0

Interestingly enough, my encrypted home directories are mounted properly, thus password is correct and my pam_exec script is running fine.

Trying to login on the terminal I get

$sudo journalctl -f
Sep 15 19:00:18 HOSTNAME audit[1112]: USER_AUTH pid=1112 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="USERNAME" exe="/usr/bin/login" hostname=HOSTNAME addr=? terminal=tty2 res=failed'
Sep 15 19:00:18 HOSTNAME kernel: audit: type=1100 audit(1600210818.391:211): pid=1112 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="USERNAME" exe="/usr/bin/login" hostname=HOSTNAME addr=? terminal=tty2 res=failed'
Sep 15 19:00:19 HOSTNAME systemd[1]: getty@tty2.service: Succeeded.
Sep 15 19:00:19 HOSTNAME kernel: audit: type=1131 audit(1600210819.584:212): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME systemd[1]: getty@tty2.service: Scheduled restart job, restart counter is at 1.
Sep 15 19:00:19 HOSTNAME systemd[1]: Stopped Getty on tty2.
Sep 15 19:00:19 HOSTNAME audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME systemd[1]: Started Getty on tty2.
Sep 15 19:00:19 HOSTNAME audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME kernel: audit: type=1130 audit(1600210819.608:213): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME kernel: audit: type=1131 audit(1600210819.608:214): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 15 19:00:19 HOSTNAME kernel: audit: type=1130 audit(1600210819.608:215): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Last edited by coolgoose54 (2020-09-15 23:04:25)

coolgoose54 · 2020-09-15 23:49:34

I tried downgrading pambase to pambase-20200721.1-1 and pambase-20190105.1-2 but that too did not help, thus reverted back to latest pambase. Another thing I found out is that an old admin (wheel group) account can login via ssh using password, while regular non-admin users cannot. I tried adding a test regular account to wheel but did not help either. With all these symptoms, it sounds like permissions issue to me.

coolgoose54 · 2020-09-16 00:07:04

Found the issue, it was pam_shells, regular accounts were using /usr/bin/bash as shell as compared to admin accounts using /bin/bash

BertiBoeller · 2020-10-15 15:01:23

If anybody has the same problem you could try the following two things:
1. Check if you have a /etc/pam.d/system-login.pacnew file. If so rename the file:

mv /etc/pam.d/system-login{.pacnew,}

2. Check the root default shell

# cat /etc/shells
# grep root /etc/passwd

If it is not a valid shell change the default shell:

# usermod --shell /usr/bin/bash root

Arch Linux

#1 2020-09-15 13:07:18

[SOLVED] Unable to login (tally already removed)

#2 2020-09-15 13:16:26

Re: [SOLVED] Unable to login (tally already removed)

#3 2020-09-15 22:37:09

Re: [SOLVED] Unable to login (tally already removed)

#4 2020-09-15 23:49:34

Re: [SOLVED] Unable to login (tally already removed)

#5 2020-09-16 00:07:04

Re: [SOLVED] Unable to login (tally already removed)

#6 2020-10-15 15:01:23

Re: [SOLVED] Unable to login (tally already removed)

Board footer