[ClusterLabs] pcs cluster auth returns authentication error
Jason A Ramsey
jason at eramsey.org
Fri Aug 26 02:14:35 UTC 2016
Well, I got around the problem, but I don’t understand the solution…
I edited /etc/pam.d/password-auth and commented out the following line:
auth required pam_tally2.so onerr=fail audit silent deny=5 unlock_time=900
Anyone have any idea why this was interfering?
--
[ jR ]
@: jason at eramsey.org
there is no path to greatness; greatness is the path
On 8/25/16, 9:50 PM, "Jason A Ramsey" <jason at eramsey.org> wrote:
Still stuck, but here’s the output of the command with --debug turned on:
Error: node1: Username and/or password is incorrect
Error: node2: Username and/or password is incorrect
Running: /usr/bin/ruby -I/usr/lib/pcsd/ /usr/lib/pcsd/pcsd-cli.rb auth
--Debug Input Start--
{"username": "hacluster", "local": false, "nodes": ["node1", "node2"], "password": "xxxxxxxxxxxxxxxxxxxx", "force": false}
--Debug Input End--
Return Value: 0
--Debug Output Start--
{
"status": "ok",
"data": {
"sync_responses": {
},
"sync_nodes_err": [
],
"auth_responses": {
"node2": {
"status": "bad_password"
},
"node1": {
"status": "bad_password"
}
},
"sync_successful": true
},
"log": [
"I, [2016-08-25T21:46:40.848381 #4825] INFO -- : PCSD Debugging enabled\n",
"D, [2016-08-25T21:46:40.848448 #4825] DEBUG -- : Detected RHEL 6\n",
"I, [2016-08-25T21:46:40.848489 #4825] INFO -- : Running: /usr/sbin/corosync-objctl cluster\n",
"I, [2016-08-25T21:46:40.848526 #4825] INFO -- : CIB USER: hacluster, groups: \n",
"D, [2016-08-25T21:46:40.850328 #4825] DEBUG -- : []\n",
"D, [2016-08-25T21:46:40.850378 #4825] DEBUG -- : [\"Failed to initialize the objdb API. Error 6\\n\"]\n",
"D, [2016-08-25T21:46:40.850429 #4825] DEBUG -- : Duration: 0.001807s\n",
"I, [2016-08-25T21:46:40.850501 #4825] INFO -- : Return Value: 1\n",
"W, [2016-08-25T21:46:40.850555 #4825] WARN -- : Cannot read config 'cluster.conf' from '/etc/cluster/cluster.conf': No such file\n",
"W, [2016-08-25T21:46:40.850609 #4825] WARN -- : Cannot read config 'cluster.conf' from '/etc/cluster/cluster.conf': No such file or directory - /etc/cluster/cluster.conf\n",
"I, [2016-08-25T21:46:40.851457 #4825] INFO -- : SRWT Node: node1 Request: check_auth\n",
"I, [2016-08-25T21:46:40.851554 #4825] INFO -- : SRWT Node: node2 Request: check_auth\n"
]
}
--Debug Output End--
--
[ jR ]
@: jason at eramsey.org
there is no path to greatness; greatness is the path
On 8/25/16, 5:36 PM, "Jason A Ramsey" <jason at eramsey.org> wrote:
Thanks for the response, Ken. I thought that might be the case, so I tried it with selinux disabled (setenforce=0). Same exact error. :-/
--
[ jR ]
M: +1 (703) 628-2621
@: jason at eramsey.org
there is no path to greatness; greatness is the path
On 8/25/16, 5:29 PM, "Ken Gaillot" <kgaillot at redhat.com> wrote:
On 08/25/2016 03:04 PM, Jason A Ramsey wrote:
> Please help. Just getting this thing stood up on a new set of servers
> and getting stymied right out the gate:
>
>
>
> # pcs cluster auth node1 node2
>
> Username: hacluster
>
> Password:
>
>
>
> I am **certain** that the password I’m providing is correct. Even still
> I get:
>
>
>
> Error: node1: Username and/or password is incorrect
>
> Error: node2: Username and/or password is incorrect
>
>
>
> I also see this is /var/log/audit/audit.log:
>
>
>
> type=USER_AUTH msg=audit(1472154922.415:69): user pid=1138 uid=0
> auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
> msg='op=PAM:authentication acct="hacluster" exe="/usr/bin/ruby"
> hostname=? addr=? terminal=? res=failed'
That's an SELinux error. To confirm, try again with SELinux disabled.
I think distributions that package pcs also provide any SELinux policies
it needs. I'm not sure what those are, or the best way to specify them
if you're building pcs yourself, but it shouldn't be difficult to figure
out.
> I’ve gone so far as to change the password to ensure that it didn’t have
> any “weird” characters in it, but the error persists. Appreciate the help!
>
>
>
> --
>
>
>
> *[ jR ]*
>
> @: jason at eramsey.org <mailto:jason at eramsey.org>
>
>
>
> /there is no path to greatness; greatness is the path/
_______________________________________________
Users mailing list: Users at clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
Users mailing list: Users at clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
Users mailing list: Users at clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
More information about the Users
mailing list