No daemons or users can authenticate.

Hi everyone

I hope that you can help me. :cry:

I have searched the forum for related threads and nothing is exactly what I have here. I have tried the suggestions on those posts, and nothing has helped, thus the new thread.

I have a newly set up server which is running mysql, freeradius, daloradius (apache2 + php) which was all working correctly, and then after changing the group file manually [yes I know I should not be doing it this way :frowning:] to add the wwwrun user to another group, the server refused to allow any further logins from either users (including the root user on the console screen).

It is a minimal install so NO GUI is installed.

I have verified using the pwck and grpck utility apps that the file formats are correct as well as changed the passwords of the relevant users (root and one other non-admin user).

All the usernames exist that are referenced by the daemons (radiusd, wwwrun, mysql,

The relevant users are in fact in the passwd and the shadow files and are all assigned to groups in the group file.

I have checked to see if there are perhaps any special unseen characters in the relevant files.

I have reinstalled all the programs that reference anything to do with authentication such as pam.

Have I left anything out that will help here?

Here is an excerpt from what I have captured from the logs after appending ' s' to the grub2 kernel start parameter line (without the quotes) which method I used to interrogate the system, and which when asking for the root password was happy with what I was entering.

Mar 08 15:53:17 server-name wicked[1182]: lo up
Mar 08 15:53:17 server-name wicked[1182]: eth0 up
Mar 08 15:53:17 server-name wicked[1182]: idrac no-device
Mar 08 15:53:17 server-name sshd-gen-keys-start[1463]: Checking for missing server keys in /etc/ssh
Mar 08 15:53:17 server-name sshd-gen-keys-start[1463]: No user exists for uid 0
Mar 08 15:53:17 server-name chown[1478]: /bin/chown: invalid user: ‘radiusd.radiusd’
Mar 08 15:53:17 server-name ntpd[1476]: ntpd 4.2.8p4@1.3265-o Thu Dec 17 05:32:52 UTC 2015 (1): Starting
Mar 08 15:53:17 server-name ntpd[1476]: Command line: /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
Mar 08 15:53:17 server-name start-ntpd[1462]: Starting network time protocol daemon (NTPD)
Mar 08 15:53:17 server-name ntpd[1483]: proto: precision = 0.116 usec (-23)
Mar 08 15:53:17 server-name ntpd[1483]: switching logging to file /var/log/ntp
Mar 08 15:53:17 server-name SuSEfirewall2[1491]: Setting up rules from /etc/sysconfig/SuSEfirewall2 …
Mar 08 15:53:17 server-name mysql-systemd-helper[1480]: chown: invalid user: ‘mysql:mysql’
Mar 08 15:53:17 server-name mysql-systemd-helper[1510]: chown: invalid user: ‘mysql:mysql’
Mar 08 15:53:17 server-name SuSEfirewall2[1541]: using default zone ‘ext’ for interface em2
Mar 08 15:53:17 server-name SuSEfirewall2[1552]: using default zone ‘ext’ for interface em3
Mar 08 15:53:17 server-name mysql-systemd-helper[1525]: chown: invalid user: ‘mysql:mysql’
Mar 08 15:53:17 server-name mysql-systemd-helper[1526]: chown: invalid user: ‘mysql:mysql’
Mar 08 15:53:17 server-name mysql-systemd-helper[1526]: Waiting for MySQL to start
Mar 08 15:53:17 server-name SuSEfirewall2[1558]: using default zone ‘ext’ for interface em4
Mar 08 15:53:17 server-name SuSEfirewall2[1561]: using default zone ‘ext’ for interface eth0
Mar 08 15:53:17 server-name systemd[1]: Failed to start FreeRADIUS high performance RADIUS server…
Mar 08 15:53:17 server-name sshd-gen-keys-start[1617]: Checking for missing server keys in /etc/ssh
Mar 08 15:53:17 server-name systemd[1]: Failed to start OpenSSH Daemon.
Mar 08 15:53:18 server-name sshd-gen-keys-start[1617]: No user exists for uid 0
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: iptables-batch v1.4.21: invalid port/service http' specified
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: Try iptables-batch -h’ or ‘iptables-batch --help’ for more information.
Mar 08 15:53:18 server-name SuSEfirewall2[1675]: Error: iptables-batch failed, re-running using iptables
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: iptables v1.4.21: invalid port/service http' specified
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: Try iptables -h’ or ‘iptables --help’ for more information.
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: iptables v1.4.21: invalid port/service http' specified
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: Try iptables -h’ or ‘iptables --help’ for more information.
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: iptables v1.4.21: invalid port/service https' specified
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: Try iptables -h’ or ‘iptables --help’ for more information.
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: iptables v1.4.21: invalid port/service https' specified
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: Try iptables -h’ or ‘iptables --help’ for more information.
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: ip6tables-batch v1.4.21: Port “dhcpv6-client” does not resolve to anything.
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: Try ip6tables-batch -h' or 'ip6tables-batch --help' for more information.
Mar 08 15:53:18 server-name SuSEfirewall2[1730]: Error: ip6tables-batch failed, re-running using ip6tables
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: SuSEfirewall2: Error: ip6tables-batch failed, re-running using ip6tables
Mar 08 15:53:18 server-name sshd-gen-keys-start[1741]: Checking for missing server keys in /etc/ssh
Mar 08 15:53:18 server-name sshd-gen-keys-start[1741]: No user exists for uid 0
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: ip6tables v1.4.21: Port "dhcpv6-client" does not resolve to anything.
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: Try ip6tables -h’ or ‘ip6tables --help’ for more information.
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: ip6tables v1.4.21: invalid port/service http' specified
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: Try ip6tables -h’ or ‘ip6tables --help’ for more information.
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: ip6tables v1.4.21: invalid port/service http' specified
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: Try ip6tables -h’ or ‘ip6tables --help’ for more information.
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: ip6tables v1.4.21: invalid port/service https' specified
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: Try ip6tables -h’ or ‘ip6tables --help’ for more information.
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: ip6tables v1.4.21: invalid port/service https' specified
Mar 08 15:53:18 server-name SuSEfirewall2[1461]: Try ip6tables -h’ or ‘ip6tables --help’ for more information.
Mar 08 15:53:18 server-name SuSEfirewall2[1790]: Firewall rules successfully set
Mar 08 15:53:18 server-name sshd-gen-keys-start[1792]: Checking for missing server keys in /etc/ssh
Mar 08 15:53:18 server-name sshd-gen-keys-start[1792]: No user exists for uid 0
Mar 08 15:53:18 server-name sshd-gen-keys-start[1797]: Checking for missing server keys in /etc/ssh
Mar 08 15:53:18 server-name sshd-gen-keys-start[1797]: No user exists for uid 0
Mar 08 15:53:18 server-name start_apache2[1477]: AH00543: httpd-prefork: bad user name wwwrun
Mar 08 15:53:18 server-name start_apache2[1803]: AH00543: httpd-prefork: bad user name wwwrun
Mar 08 15:53:18 server-name systemd[1]: sshd.service start request repeated too quickly, refusing to start.
Mar 08 15:53:18 server-name systemd[1]: Failed to start OpenSSH Daemon.
Mar 08 15:53:19 server-name mysql-systemd-helper[1525]: 160308 15:53:19 [Note] /usr/sbin/mysqld (mysqld 10.0.22-MariaDB) starting as process 1525 …
Mar 08 15:53:19 server-name mysql-systemd-helper[1525]: 160308 15:53:19 [ERROR] Fatal error: Can’t change to run as user ‘mysql’ ; Please check that the user exists!
Mar 08 15:53:19 server-name mysql-systemd-helper[1525]: 160308 15:53:19 [ERROR] Aborting
Mar 08 15:53:19 server-name mysql-systemd-helper[1525]: 160308 15:53:19 [Note] /usr/sbin/mysqld: Shutdown complete
Mar 08 15:53:45 server-name login[1811]: pam_unix(login:auth): check pass; user unknown
Mar 08 15:53:45 server-name login[1811]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Mar 08 15:53:47 server-name login[1811]: FAILED LOGIN 1 FROM tty1 FOR (unknown), User not known to the underlying authentication module
Mar 08 15:54:18 server-name mysql-systemd-helper[1526]: MySQL is still dead
Mar 08 15:54:18 server-name echo[1935]: Starting mail service (Postfix)
Mar 08 15:54:18 server-name postfix[1948]: fatal: file /etc/postfix/main.cf: parameter default_privs: unknown user name value: nobody
Mar 08 15:54:18 server-name login[1811]: pam_unix(login:auth): check pass; user unknown
Mar 08 15:54:18 server-name mysql-systemd-helper[1949]: chown: invalid user: ‘mysql:mysql’
Mar 08 15:54:18 server-name mysql-systemd-helper[1963]: chown: invalid user: ‘mysql:mysql’
Mar 08 15:54:18 server-name mysql-systemd-helper[1978]: chown: invalid user: ‘mysql:mysql’
Mar 08 15:54:18 server-name mysql-systemd-helper[1979]: chown: invalid user: ‘mysql:mysql’
Mar 08 15:54:18 server-name mysql-systemd-helper[1979]: Waiting for MySQL to start
Mar 08 15:54:18 server-name mysql-systemd-helper[1978]: 160308 15:54:18 [Note] /usr/sbin/mysqld (mysqld 10.0.22-MariaDB) starting as process 1978 …
Mar 08 15:54:18 server-name mysql-systemd-helper[1978]: 160308 15:54:18 [ERROR] Fatal error: Can’t change to run as user ‘mysql’ ; Please check that the user exists!
Mar 08 15:54:18 server-name mysql-systemd-helper[1978]: 160308 15:54:18 [ERROR] Aborting
Mar 08 15:54:18 server-name mysql-systemd-helper[1978]: 160308 15:54:18 [Note] /usr/sbin/mysqld: Shutdown complete
Mar 08 15:54:19 server-name cron[2008]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 40% if used.)
Mar 08 15:54:19 server-name cron[2008]: (CRON) bad username (/etc/crontab)
Mar 08 15:54:19 server-name cron[2008]: (CRON) INFO (running with inotify support)
Mar 08 15:54:20 server-name login[1811]: FAILED LOGIN 2 FROM tty1 FOR (unknown), User not known to the underlying authentication module
Mar 08 15:54:24 server-name SuSEfirewall2[2040]: Not unloading firewall rules at system shutdown
Mar 08 15:54:25 server-name wicked[2043]: eth0 device-ready
Mar 08 15:54:30 server-name auditd[1075]: The audit daemon is exiting.
Mar 08 15:54:30 server-name kernel: audit: type=1305 audit(1457445270.023:185): audit_pid=0 old=1075 auid=4294967295 ses=4294967295 res=1
Mar 08 15:54:30 server-name kernel: audit: type=1131 audit(1457445270.027:186): pid=1 uid=0 auid=4294967295 ses=4294967295 msg=’ comm=“auditd” exe=“/usr/lib/systemd/systemd” hostname=? addr=? terminal=? res=success’
Mar 08 15:54:30 server-name kernel: XFS (sdb1): Unmounting Filesystem
Mar 08 15:54:30 server-name kernel: audit: type=1131 audit(1457445270.111:187): pid=1 uid=0 auid=4294967295 ses=4294967295 msg=’ comm=“systemd-remount-fs” exe=“/usr/lib/systemd/systemd” hostname=? addr=? terminal=? res=success’
Mar 08 15:54:30 server-name kernel: audit: type=1131 audit(1457445270.119:188): pid=1 uid=0 auid=4294967295 ses=4294967295 msg=’ comm=“systemd-readahead-replay” exe=“/usr/lib/systemd/systemd” hostname=? addr=? terminal=? res=success’
Mar 08 15:54:30 server-name kernel: audit: type=1131 audit(1457445270.143:189): pid=1 uid=0 auid=4294967295 ses=4294967295 msg=’ comm=“systemd-readahead-collect” exe=“/usr/lib/systemd/systemd” hostname=? addr=? terminal=? res=success’
Mar 08 15:54:30 server-name kernel: audit: type=1130 audit(1457445270.159:190): pid=1 uid=0 auid=4294967295 ses=4294967295 msg=’ comm=“halt-local” exe=“/usr/lib/systemd/systemd” hostname=? addr=? terminal=? res=success’
Mar 08 15:54:30 server-name systemd-journal[664]: Journal stopped

Maybe restore the backup the text editor made??

You have many invalid users, it looks like the invalid user accounts displayed in your posted log are your

radiusd.radiusd
mysql.mysql

Plus,

  • Whatever User account used for ssh authentication is missing certs
  • iptables/SuSEFW isn’t configured properly (no specific reason given)

You have a “bad user wwwrun” - Did you create a User wwwrun or a group? Perhaps you created a User wwwrun when you actually meant to create a group? What are the specifics what you tried to do?

When you have so many problems, a restore from backup is probably your most sure resolution. Perhaps a snapper rollback to a snapshot prior to your mistakes should be considered?

If no rollback or restore is possible, then I’d recommend

  • Force re-installing your radius, mysql and apache packages, force re-installing is supposed to re-instate default configurations, libraries, etc.
zypper in -f mysql freeradius daloradius apache2

You may need to “force re-install” more packages than what is listed.

You <may> need to re-create the normal User account you’ve been using, no specific reason seems to have been given why that User failed and the related XFS file system was unmounted.

TSU

:frowning: One of the first things I tried. Did not help.

Your suggestion is appreciated though.

I was hoping to find some way where I would not need to do that. I may as well do a fresh install and redo the whole system which was actually working really well before it went nuts.

I will retry making the users again, although they are clearly visible in the relevant files.

Thanks for that, your suggestion is appreciated.

I am guessing a syntax error in “/etc/passwd” or “/etc/group”.

Boot live media, mount the root partition, and carefully check.
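An added example, not part of the original posts: a read-only shell check to run from live media against the mounted root, covering what the thread raises (field counts in passwd, group and shadow, hidden characters, a uid 0 entry, and the accounts named in the posted log). The function name, the `/mnt` mount point and the world-readable check are assumptions that go beyond what the posters describe.

```shell
#!/bin/sh
# Added example: offline sanity check of the account databases under a mounted root.
# scan_account_db ROOT prints one finding per line; no output means nothing was found.
# Hypothetical usage from live media:  mount /dev/sdXN /mnt && scan_account_db /mnt
scan_account_db() {
    root=$1
    # file name : number of colon-separated fields each line must have
    for spec in passwd:7 group:4 shadow:9; do
        name=${spec%%:*}
        want=${spec##*:}
        file=$root/etc/$name
        if [ ! -f "$file" ]; then
            echo "$name: file missing"
            continue
        fi
        # Wrong field count (also flags blank lines), and any byte outside
        # printable ASCII: a CR from a DOS-style save, a tab, a UTF-8 BOM.
        LC_ALL=C awk -F: -v n="$name" -v want="$want" '
            NF != want { printf "%s:%d: %d fields, expected %d\n", n, NR, NF, want }
            /[^ -~]/   { printf "%s:%d: non-printable byte\n", n, NR }' "$file"
        # Assumption beyond the thread: unprivileged daemons resolve names by
        # reading passwd and group, so both need the "other" read bit.
        case $name in
            passwd|group)
                [ "$(ls -ld "$file" | cut -c8)" = r ] ||
                    echo "$name: not world-readable" ;;
        esac
    done
    [ -f "$root/etc/passwd" ] || return 0
    # The log shows "No user exists for uid 0": confirm an entry carries uid 0.
    awk -F: '$3 == 0 { found = 1 } END { exit !found }' "$root/etc/passwd" ||
        echo "passwd: no entry with uid 0"
    # Accounts the posted log reports as unknown; the name must start in column 1.
    for u in radiusd mysql wwwrun nobody; do
        grep -q "^$u:" "$root/etc/passwd" || echo "passwd: no entry for $u"
    done
}
```

A name that is visible in the file but preceded by a stray space, or a line ending in a carriage return, keeps the right field count and only shows up in the last two kinds of check.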

I was under the impression that the “pwck” and “grpck” utility apps did check for errors and would alert one if a problem was found.

I will however check the files again.

Thanks, your suggestion is appreciated.