Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: cron and PAM ERROR (Cannot make/remove an entry for the specified session)

  1. #1
    Join Date
    May 2011
    Posts
    11

    Default cron and PAM ERROR (Cannot make/remove an entry for the specified session)

    Hello,

    I run a virtual server with a standard minimal openSUSE 11.4 installation (Strato image) and all recent updates installed.

    Code:
    $ uname -a
    Linux servername 2.6.18-028stab089.1 #1 SMP Thu Apr 14 13:46:04 MSD 2011 i686 athlon i386 GNU/Linux
    A few days into running the server I found that although /usr/sbin/cron was running it didn't execute the cron scripts. Instead, I find this:

    Code:
    $ tail -n 3 /var/log/messages
    Jun 28 18:00:01 servername /usr/sbin/cron[28590]: pam_warn(crond:session): function=[pam_sm_open_session] service=[crond] terminal=[cron] user=[root] ruser=[<unknown>] rhost=[<unknown>]
    Jun 28 18:00:01 servername /usr/sbin/cron[28590]: (root) PAM ERROR (Cannot make/remove an entry for the specified session)
    Jun 28 18:00:01 servername /usr/sbin/cron[28590]: (root) FAILED to open PAM security session (Cannot make/remove an entry for the specified session)
    repeated every 20 minutes. I have this

    Code:
    $ cat /etc/pam.d/crond
    #
    # The PAM configuration file for the cron daemon
    #
    #
    # No PAM authentication called, auth modules not needed
    auth     sufficient     pam_rootok.so
    account  sufficient     pam_listfile.so item=user sense=allow file=/etc/cron.allow onerr=succeed quiet
    auth     include        common-auth
    account  include        common-account
    password include        common-password
    as per the standard installation and /etc/cron.allow doesn't exist (I tested if it made a difference if it existed with the single line root in it, but there was no effect).

    Although there are similar but not identical issues reported on the web, days of searching the forums and Google didn't resolve it for me. Any advice how I can debug this? I need cron to execute because I want zypper to auto-update my server. On my home openSUSE 11.4 installation the problem doesn't exist. Is it perhaps related to the settings in the yast security center?

    Cheers.

  2. #2
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: cron and PAM ERROR (Cannot make/remove an entry for the specifiedsession)

    On 2011-06-28 18:36, wmsx wrote:

    > password include common-password
    >
    > --------------------


    I have one more:

    Code:
    session  required       pam_loginuid.so

    But there was an update related to cron, IIRC.

    > because I want
    > zypper to auto-update my server.


    I don't think that is wise.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  3. #3
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: cron and PAM ERROR (Cannot make/remove an entry for the specifiedsession)

    You say you are running 11.4, yet your kernel version seems to be custom. Or is that an artifact of the virtual machine?

    Linux servername 2.6.18-028stab089.1 #1 SMP Thu Apr 14 13:46:04 MSD 2011 i686 athlon i386 GNU/Linux

  4. #4
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    4,654

    Default Re: cron and PAM ERROR (Cannot make/remove an entry for the specified session)

    ken yap wrote:

    > 2.6.18-028stab089.1

    This is no openSUSE kernel version, it is most probably a CentOS 5/Red Hat 5
    kernel.

    --
    PC: oS 11.3 64 bit | Intel Core2 Quad Q8300@2.50GHz | KDE 4.6.4 | GeForce
    9600 GT | 4GB Ram
    Eee PC 1201n: oS 11.4 64 bit | Intel Atom 330@1.60GHz | KDE 4.6.4 | nVidia
    ION | 3GB Ram

  5. #5
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    4,654

    Default Re: cron and PAM ERROR (Cannot make/remove an entry for the specified session)

    @wmsx
    On your server (the one with the 2.6.18-028stab089.1 kernel), what is the
    output from
    Code:
    cat /etc/*release*
    I would not be surprised if you will see something like that
    Code:
    [centos@centos ~]$ cat /etc/*release*
    cat: /etc/lsb-release.d: Is a directory
    CentOS release 5.6 (Final)
    instead of
    Code:
    martinh@sirius:~> cat /etc/*release*
    openSUSE 11.4 (x86_64)
    VERSION = 11.4
    If I am wrong and you have a openSUSE with this custom kernel, you should
    contact your provider about it, what other special customizations are made
    to the version they provide on that machine.

    --
    PC: oS 11.3 64 bit | Intel Core2 Quad Q8300@2.50GHz | KDE 4.6.4 | GeForce
    9600 GT | 4GB Ram
    Eee PC 1201n: oS 11.4 64 bit | Intel Atom 330@1.60GHz | KDE 4.6.4 | nVidia
    ION | 3GB Ram

  6. #6
    Join Date
    May 2011
    Posts
    11

    Default Re: cron and PAM ERROR (Cannot make/remove an entry for the specifiedsession)

    Carlos, adding

    Code:
    session  required       pam_loginuid.so
    fixed it! Some checking showed that the cronie package installed on my virtual server is cronie-1.4.7-9.21.1.i586 and that apparently does not contain above line.

    On my home computer, which is x86_64, the cronie package is cronie-1.4.7-9.19.1.x86_64 and it does already contain above line.

    Would that be expected behaviour? Anyway, thanks very much.

    Oh by the way, why wouldn't it be reasonable to have automatic updates on for my server? Say I go on summer leave and will be off-line for 4 weeks and, after a day or so, some new exploit is made public? I wouldn't want the server to remain vulnerable? Or perhaps amateur admins shouldn't go on leave

  7. #7
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: cron and PAM ERROR (Cannot make/remove an entry for the specifiedsession)

    On 2011-06-29 12:36, wmsx wrote:

    > Oh by the way, why wouldn't it be reasonable to have automatic updates
    > on for my server?


    Because sometimes updates do break the system.

    > Say I go on summer leave and will be off-line for 4
    > weeks and, after a day or so, some new exploit is made public? I
    > wouldn't want the server to remain vulnerable? Or perhaps amateur admins
    > shouldn't go on leave


    Bad luck >:-)

    Worse, you have a non openSUSE kernel, so I would certainly not touch that
    machine.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  8. #8
    Join Date
    May 2011
    Posts
    11

    Default Re: cron and PAM ERROR (Cannot make/remove an entry for the specified session)

    Well, it really is openSUSE 11.4

    Code:
    # cat /etc/*release*
    2011050301
    openSUSE 11.4 (i586)
    VERSION = 11.4
    CODENAME = Celadon
    but I believe that Strato servers use Virtuozzo (by Parallels) for the virtualisation. I don't know much about it but I believe that it means that on a single physical machine there's only a single special kernel running multiple "operating systems" (i.e. anything except the kernel) in parallel. This would be more efficient than running multiple instances of a traditional virtualisation product such as VMware of VirtualBox. That would explain why the kernel is not openSUSE while the rest is.

    The software repositories are openSUSE's but there's no kernel rpm installed. In fact, I couldn't find a kernel binary on the virtual server which somehow supports above hypothesis.

  9. #9
    Join Date
    May 2011
    Posts
    11

    Default Re: cron and PAM ERROR (Cannot make/remove an entry for the specifiedsession)

    Quote Originally Posted by robin_listas View Post
    On 2011-06-29 12:36, wmsx wrote:

    > Oh by the way, why wouldn't it be reasonable to have automatic updates
    > on for my server?


    Because sometimes updates do break the system.
    Yes, I agree with you. In this special case I would prefer to have a broken system than a broken-into system Not excluding the possibility that the former could promote the latter, of course...

  10. #10
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    4,654

    Default Re: cron and PAM ERROR (Cannot make/remove an entry for the specified session)

    wmsx wrote:

    >
    > Well, it really is openSUSE 11.4

    Thanks for the feedback, at the end I somehow expected something like that
    (without understanding much about such systems like virtuozzo) after you
    mentioned your version of cronie which simply is not used in RHEL or CentOS.
    I just was a bit side tracked by the version which is from an openvz RHEL5
    repository.
    http://mirror.europhase.net/openvz/k.../028stab089.1/
    and corresponds well to the version I know from my CentOS 5.6 installation
    (2.6.18).
    So I ran into a false conclusion.
    Sorry.

    --
    PC: oS 11.3 64 bit | Intel Core2 Quad Q8300@2.50GHz | KDE 4.6.4 | GeForce
    9600 GT | 4GB Ram
    Eee PC 1201n: oS 11.4 64 bit | Intel Atom 330@1.60GHz | KDE 4.6.4 | nVidia
    ION | 3GB Ram

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •