General discussion


Linux - root logs on, user can't; "Error in service module"

By CharlieSpencer ·
I got nothing when I posted this in Q&A, so I thought I'd try here.

Fedora Core 5

I was playing Enigma when I accidentally hit the 'a' key and it killed my marble. (Don't worry if you don't play Enigma; it's only slightly relevant.) In order to see if there were any more keys I should avoid, I began striking them in alphabetical order. Somewhere around 'r' I was logged out and dumped back to the GUI login.

I can log on as root at both GUI and command line. If I try to log on as my user account from the GUI I get an "Authentication failed" window. Clicking OK takes me back to the username prompt. If I try to log on as my user account from the command line I get the error "Error in service module" and the next line is a Username prompt. I've reset the user account password but that has had no effect.

First, anybody know why my walking the alphabet would have kicked me out? Did I hit some magic sequence of keystrokes? Second, how do I undo what I've done? Yes, I know I can create a new user and copy the files, but that's a workaround, not a solution.

It was suggested at another site that I post the /etc/pam.d/login file, so here it is if that's any help.

auth required
auth include system-auth
account required
account include system-auth
password include system-auth
# close should be the first session rule
session required close
session include system-auth
session required
session optional
# open should be the last session rule
session required open

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Let's try some diagnostics

by stress junkie In reply to Linux - root logs on, use ...

You already tried my first idea, resetting the password for the user account. So let's try to figure out what is happening.

Idea #1:

Log in as root. See if you have the "sux" command. Many distributions don't. If you are running a GUI then open a terminal window. At the command line enter the following command:

which sux

If you get your command prompt without any other information then you don't have the sux command.

Let's say that your user account is named user01. If you have the sux command then do this when you are logged in as root:

If you have a GUI running then open a terminal window.
At a command line enter the following command.

sux - user01

Hopefully you will see some specific error messages that will help diagnose this problem.

If you don't have the sux command then try this as root:

su - user01

Again we hope that some helpful user messages will be displayed.


Idea #2:

Log in as root. If you are running a GUI then open a terminal window.

At the command prompt enter the following command:

init 3

Hopefully the computer will stop the GUI and restart in text console mode. Then you can try to log on as the normal user. If you get logged out then log on as root and try the su - user01 command again. See if you have better luck getting logged in.

The purpose of this idea is to determine if your log in problem is due exclusively to the GUI settings.


Idea #3:

After you've done those things read the /var/log/messages file. There may be helpful messages there.

Open a terminal window. Enter the following command.

tail -100 /var/log/messages


cat /var/log/messages

Collapse -

I was wondering if there is anything in the auth.log

by DanLM In reply to Let's try some diagnostic ...

But, I'm use to FreeBSD.


Collapse -


by CharlieSpencer In reply to I was wondering if there ...

# ls -R auth.log
ls: auth.log: No such file or directory

Collapse -

In /var/log????

by DanLM In reply to Response

that is where that log resides.


Collapse -

1 of them

by dawgit In reply to In /var/log????

there are other log in the sys too. (now if I can find where I put that stuff)

Collapse -

droolin, nope

by CharlieSpencer In reply to In /var/log????

# cd /var/log
# ls a*
acpid anaconda.log anaconda.syslog anaconda.xlog

Collapse -

Ok, now I am at a loss

by DanLM In reply to droolin, nope

And I apologize. That log will show all login attempts normally(pass/fail) and how each occurred. This is used by ssh though and you need to have the following defined in the /etc/ssh/sshd_config file:
# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

You get information like this in the auth.log because of those settings:

Sep 13 08:18:39 disone sshd[3161: Invalid user username from
Sep 13 09:52:27 disone sshd[32089]: Accepted publickey for **** from port 44584 ssh2
Sep 13 14:16:43 disone sshd[3343: Did not receive identification string from
Sep 13 14:29:41 disone sshd[33492]: fatal: Timeout before authentication for
Sep 13 15:17:21 disone sshd[33856]: Accepted publickey for **** from port 33530 ssh2
Sep 13 15:17:21 disone sshd[33859]: subsystem request for sftp

Crap, I need to read back to see how your logging in. I don't remember if you said it was an ssh login or not.


Collapse -

Contents of sshd_config

by CharlieSpencer In reply to Ok, now I am at a loss

# cd /etc/ssh
You have new mail in /var/spool/mail/root

I recall something about Linux using a mail system to deliver system messages, so I assume that's what that is. I'll take a look at that when I finish posting this. I wonder why I didn't get that message until I switched to the /etc/ssh directory?

You don't remember if I said it was an ssh login because I haven't said anything about ssh until now. What's an ssh login, and what are the alternatives. And here I thought a login was a login. Silly me.

Without all the commented lines, the sshd_config file looks like this. I don't see anything telling me what it's using for a log file.

Protocol 2
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAutentication yes
GSSAPICleanupCredentials yes
UsePAM yes
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server

Collapse -

some information

by apotheon In reply to Ok, now I am at a loss

1. Every time you enter a command, the system checks to see whether there are any new mail messages waiting for the user account you're using. If so, it gives you notification of that fact. The reason it didn't tell you until you accessed that directory is that the root account received that message after the previous command you entered as root.

2. It seems that your MTA (mail transfer agent) is configured to deliver messages for root to root. It's usually a good idea, if you're the system administrator, to have messages for root delivered to your normal user account since you'll be logged into that account more often. It's not that big a deal, but that's fairly common practice.

3. By "an ssh login", he just means to ask whether you're logging in via SSH, a client/server protocol used for secure, encrypted logins across a network.

4. sshd normally logs to /var/log/syslog

If you'd like more information about configuring and using SSH, this might be a good place to start:

Collapse -

SJ, responses

by CharlieSpencer In reply to Let's try some diagnostic ...

Idea 1
# which sux
: no sux in ( path )
# sux
: command not found
# su - user01
su: incorrect password

Idea 2
# init 3
<< black screen with blinking cursor >>

After waiting 30 seconds:
MACHINENAME login: user01
Password: password
Error in service module <<disappears on its own>>
MACHINENAME login: root
Password: password
# su - user01
su: incorrect password

Idea 3

This appears significant.

pam_winbind[6485]: write to socket failed!
pam_winbind[6485]: internal module error (retval = 3, user = 'user01')
login[6503] error in service module

<<repeat twice more>>

What is /var/log/messages? There's no man page for it.

Related Discussions

Related Forums