Can login through ssh but not through the console?

I have here two centos 4.4 boxes, one is the NIS server and the other a
client. For some reason I have no problem logging into the machine using
ssh, but when I sit in front of the machine I cannot log in. Why would
that be happening?
--
Mauricio raub-kudria-com
(if you need to email me, use this address =)

On Fri, 29 Sep 2006, in the Usenet newsgroup comp.os.linux.networking, in
article <7qgTg.1753$b23.1432@dukeread07>, Mauricio Tavares wrote:

>I have here two centos 4.4 boxes, one is the NIS server and the other a
>client.

Are you using NIS maps for the passwords?

>For some reason I have no problem logging into the machine using ssh, but
>when I sit in front of the machine I cannot log in. Why would that be
>happening?

What happens when you try? Does the computer catch fire? Who are you
trying to log in as? Root? A normal user? What is the exact error
message? What authentication means are you using for SSH? If you want
help, you _really_ need to provide some details.

Old guy

Moe Trin wrote:
> On Fri, 29 Sep 2006, in the Usenet newsgroup comp.os.linux.networking, in
> article <7qgTg.1753$b23.1432@dukeread07>, Mauricio Tavares wrote:
>
>> I have here two centos 4.4 boxes, one is the NIS server and the other a
>> client.
>
> Are you using NIS maps for the passwords?
>
Yes, and ypwhich does give me the right NIS server and ypcat/ypmatch
also returns with all the maps I generated (passwd, group, netgroup,
auto.home). That would make me think the client is indeed seeing the
maps. Both machines are also defined in my /var/yp/securenets. Automount
does properly take my auto.home map and moutns the user partitions.

>> For some reason I have no problem logging into the machine using ssh, but
>> when I sit in front of the machine I cannot log in. Why would that be
>> happening?
>
> What happens when you try? Does the computer catch fire? Who are you
> trying to log in as? Root? A normal user? What is the exact error
> message? What authentication means are you using for SSH? If you want
> help, you _really_ need to provide some details.
>
I log in as my normal user account. If I do it through ssh, all works
fine (login and password are accepted, my homespace is properly
automounted, and I get my prompt). If I do it through the graphical
console (as in sitting in front of machine), after I enter the login and
password, I am told that I entered one of them incorrectly (as in it
does not recognize one of them) and go back to the login screen. Now,
when I check /var/log/messages, this is what I get:

Sep 28 15:16:59 voxel gdm(pam_unix)[2156]: check pass; user unknown
Sep 28 15:16:59 voxel gdm(pam_unix)[2156]: authentication failure;
logname= uid=0 euid=0 tty=:0 ruser= rhost=
Sep 28 15:17:02 voxel gdm-binary[2156]: Couldn't authenticate user
Sep 28 15:17:16 voxel gdm(pam_unix)[2156]: check pass; user unknown
Sep 28 15:17:16 voxel gdm(pam_unix)[2156]: authentication failure;
logname= uid=0 euid=0 tty=:0 ruser= rhost=
Sep 28 15:17:20 voxel gdm-binary[2156]: Couldn't authenticate user


I do not know if this is enough information, but that is what I got so
far. =)

--
Mauricio raub-kudria-com
(if you need to email me, use this address =)

Mauricio Tavares <(E-Mail Removed)> wrote:
> ... after I enter the login and
> password, I am told that I entered one of them incorrectly (as in it
> does not recognize one of them) and go back to the login screen. Now,
> when I check /var/log/messages, this is what I get:
>
> Sep 28 15:16:59 voxel gdm(pam_unix)[2156]: check pass; user unknown

I would take a closer look at files in the /etc/pam.d directory,
especially /etc/pam.d/gdm.

--
andrei

Andrei Ivanov wrote:
> Mauricio Tavares <(E-Mail Removed)> wrote:
>> ... after I enter the login and
>> password, I am told that I entered one of them incorrectly (as in it
>> does not recognize one of them) and go back to the login screen. Now,
>> when I check /var/log/messages, this is what I get:
>>
>> Sep 28 15:16:59 voxel gdm(pam_unix)[2156]: check pass; user unknown
>
> I would take a closer look at files in the /etc/pam.d directory,
> especially /etc/pam.d/gdm.
>
Let me check. As I do that, I remember the client used to be connected
to another NIS server and that worked without any problem. We are
switching to our own sever because we want to use auto.home and need to
have more user control.

--
Mauricio raub-kudria-com
(if you need to email me, use this address =)

On Mon, 02 Oct 2006, in the Usenet newsgroup comp.os.linux.networking, in
article <0K7Ug.1970$b23.873@dukeread07>, Mauricio Tavares wrote:

> I log in as my normal user account. If I do it through ssh, all works
>fine (login and password are accepted, my homespace is properly
>automounted, and I get my prompt). If I do it through the graphical
>console (as in sitting in front of machine), after I enter the login and
>password, I am told that I entered one of them incorrectly (as in it
>does not recognize one of them) and go back to the login screen.

I'm used to an SSH login using separate authentication from NIS, which is
why I asked.

>Sep 28 15:16:59 voxel gdm(pam_unix)[2156]: check pass; user unknown
>Sep 28 15:16:59 voxel gdm(pam_unix)[2156]: authentication failure;
>logname= uid=0 euid=0 tty=:0 ruser= rhost=

Ahh... What character set is your console/keyboard set to? Could this
be the terminal miscoding the characters in the name?

Old guy

Mauricio Tavares wrote:
> Andrei Ivanov wrote:
>> Mauricio Tavares <(E-Mail Removed)> wrote:
>>> ... after I enter the login and password, I am told that I entered
>>> one of them incorrectly (as in it does not recognize one of them) and
>>> go back to the login screen. Now, when I check /var/log/messages,
>>> this is what I get:
>>>
>>> Sep 28 15:16:59 voxel gdm(pam_unix)[2156]: check pass; user unknown
>>
>> I would take a closer look at files in the /etc/pam.d directory,
>> especially /etc/pam.d/gdm.
>>
> Let me check. As I do that, I remember the client used to be
> connected to another NIS server and that worked without any problem. We
> are switching to our own sever because we want to use auto.home and need
> to have more user control.
>
Here is my /etc/pam.d/gdm:

::::::::::::::
/etc/pam.d/gdm
::::::::::::::
#%PAM-1.0
auth required pam_env.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so

From what I understand, gdm will ask /etc/pam.d/system-auth about how
to handle the authentication issue. AFAIK, that also goes for, say,
/etc/pam.d/sshd. Now, /etc/pam.d/system-auth looks like this:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
quiet
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow nis
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so

doesn't the "password sufficient" statement (yes, I know, it wrapped to
the next line) says that it will try the shadow passwords and then nis?
if so, what am I missing here?

--
Mauricio raub-kudria-com
(if you need to email me, use this address =)

Moe Trin wrote:
> On Mon, 02 Oct 2006, in the Usenet newsgroup comp.os.linux.networking, in
> article <0K7Ug.1970$b23.873@dukeread07>, Mauricio Tavares wrote:
>
>> I log in as my normal user account. If I do it through ssh, all works
>> fine (login and password are accepted, my homespace is properly
>> automounted, and I get my prompt). If I do it through the graphical
>> console (as in sitting in front of machine), after I enter the login and
>> password, I am told that I entered one of them incorrectly (as in it
>> does not recognize one of them) and go back to the login screen.
>
> I'm used to an SSH login using separate authentication from NIS, which is
> why I asked.

Aha, my /etc/pam.d/sshd asks for authentication thingies from
/etc/pam.d/system-auth, which is setup to also check nis in addition to
shadow.

>
>> Sep 28 15:16:59 voxel gdm(pam_unix)[2156]: check pass; user unknown
>> Sep 28 15:16:59 voxel gdm(pam_unix)[2156]: authentication failure;
>> logname= uid=0 euid=0 tty=:0 ruser= rhost=
>
> Ahh... What character set is your console/keyboard set to? Could this
> be the terminal miscoding the characters in the name?
>
That is a thought. How to find out? In the gui login window I told it
to use the default language though I do not know how helpful that will
be. I do know that I have no problems logging in using the text-based
console.

> Old guy


--
Mauricio raub-kudria-com
(if you need to email me, use this address =)

Found what I was doing wrong: I forgot to do /usr/sbin/gdm-restart.
Shame on me!

--
Mauricio raub-kudria-com
(if you need to email me, use this address =)