Skip to content

Author: A

Linux : pam_unix(su -l:auth): authentication failure

Published by A on July 22, 2014

Symptom

User is not able to “su” to another account (be it local, or LDAP based)

[admazwan_ngali@oracle~]$ su - servicesoasit
Password:
Password:
su: incorrect password

/var/log/secure will display this error log.

Jul 21 23:53:37 oracle su[22863]: pam_vas: Authentication <succeeded> for <Active Directory> 
user: <servicesoasit> account: <[email protected]> service: <su-l> reason: <N/A> Access Control Identifier(NT Name):<AMERICAS\ServiceSOASIT>
Jul 21 23:53:38 oracle su[22863]: pam_unix(su-l:auth): authentication failure; 
logname=admazwan_ngali uid=2184379 euid=2184379 tty=pts/6 ruser= rhost=  user=servicesoasit

As you can see pam_vas already verified authentication is a success, but “su” still refused you to switch user.

Troubleshooting

Ensure setuid is set on /bin/su file. Not sure why it’s changed, probably it happened during OEL upgrade recently.

[root@oracle pam.d]# ll /bin/su
-rwxr-xr-x 1 root root 28336 Oct 16  2012 /bin/su

Try to “su” to another account again. Issue should be fixed.

[root@oracle pam.d]# chmod +s /bin/su
[root@oracle pam.d]# ll /bin/su
-rwsr-xr-x 1 root root 28336 Oct 16  2012 /bin/su

[admazwan_ngali@oracle ~]$ su - servicesoasit
Password:
[servicesoasit@oracle~]$
3 Comments

Linux : Get average CPU and Memory utilization from SAR data

Published by A on July 9, 2014

Working on some performance related issue today and user requested average CPU/Memory utilization history on previous days, so I came out with quick script to pull the data.

Tested on Oracle Enterprise Linux. Should be working fine on any RHEL based distribution. Sysstat package is required to enable sar report on your server.

#!/bin/bash

# Get Average CPU/Memory Utilization History from sysstat file in /var/log/sa/*
# Author: azwan.ngali[AT]gmail.com


for file in $(ls -la /var/log/sa/* | grep sa[0-9] | awk '{print $9}')
do
        sar -f $file | head -n 1
        printf "\n"

        # Get CPU idle average, it's pretty straight forward.

        printf "CPU average: "
        sar -u -f $file | grep Average: | awk -F " " '{sum = (100 - $8) } END { print sum "%" }'

        # Get Average Memory utilization

        # Information being displayed in sar -r command is somewhat misleading.
        # As it is merely calculated by the formula kbmemused/(kbmemused+kbmemfree) * 100
        # But actually that was not the case, in order to get memory calculation, 
        # here's the revised formula to include memory cache/buffer information into account.
        # 
        # Formula:
        # (kbmemused-kbbuffers-kbcached) / (kbmemfree + kbmemused) * 100
        # The reason behind this is Linux treats unused memory as a wasted resource and so uses as 
        # much RAM as it can to cache process/kernel information
		
        printf "Memory Average: "
        sar -r -f $file | grep Average | awk -F " " '{ sum = ($3-$5-$6)/($2+$3) * 100   } END { print sum "%" }'

        printf "\n"
done

Upon execution, it will search all sa* file in /var/log/sa and perform basic calculation to display CPU/memory average. It may be handy if you’re lazy like me.

[root@ausuovmfmtap3 sa]# ./averagesar.sh
Linux 2.6.18-274.el5 (ausuovmfmtap3.xx)        07/01/2014
CPU average: 4.76%
Memory Average: 15.6925%
 
Linux 2.6.18-274.el5 (ausuovmfmtap3.xx)        07/02/2014
CPU average: 3.4%
Memory Average: 14.3805%
 
Linux 2.6.18-274.el5 (ausuovmfmtap3.xx)        07/03/2014
CPU average: 3.35%
Memory Average: 14.576%
 
Linux 2.6.18-274.el5 (ausuovmfmtap3.xx)        07/04/2014
CPU average: 3.97%
Memory Average: 17.8241%
 
Linux 2.6.18-274.el5 (ausuovmfmtap3.xx)        07/05/2014
CPU average: 4.44%
Memory Average: 20.4096%
 
Linux 2.6.18-274.el5 (ausuovmfmtap3.xx)        07/06/2014
CPU average: 4.58%
Memory Average: 20.6211%
 
Linux 2.6.18-274.el5 (ausuovmfmtap3.xx)        07/07/2014
CPU average: 4.77%
Memory Average: 18.3188%
 
Linux 2.6.18-274.el5 (ausuovmfmtap3.xx)        07/08/2014
CPU average: 3.34%
Memory Average: 14.8783%
 
Linux 2.6.18-274.el5 (ausuovmfmtap3.xx)        07/09/2014
CPU average: 3.44%
Memory Average: 15.1599%
 
[root@ausuovmfmtap3 sa]#

Toodles.

5 Comments

Ejaan pendek.

Published by A on June 18, 2014

Masa berbincang dengan boss aku pasal new hire kami.

“Her onboarding date is 1st July. Usually new notebook request will take around 2-3 weeks to be fulfilled. I’m going fill up the service request form now”

“Yes, please submit the request on her B 1/2”

Kemudian dia offline pergi breakfast.

Aku mengalami kesukaran nak mentafsirkan perkataan terakhir beliau.

Seminit aku tercangak-cangak mencarik maksud sambil menggaru-garu pipi.

..

..

B 1/2 = behalf.

#hipster

 

Leave a Comment

Samba access denied error when accessing symlink paths.

Published by A on June 16, 2014

Last week one of our business partner had issue mapping their Samba path to their workstation with access denied error.

C:\Users\azwan_ngali>net use * \\sambaserver\sys2\dellsftw\barcodes "password" /
user:domain\serviceaccount

System error 5 has occured.

Access is denied.

Despite user’s service account is a part of valid users group in /etc/samba/smb.conf, he’s still not able to map it.

Found out that the samba path is actually a symlink pointing to another directory which the service account has read / write access. Service account is a part of ap2_dev_cpdev_bar member.

lrwxrwxrwx 1 root root 51 Mar 17 2011 barcodes -> /stornext/snfs1/data/common/sys2/dellsftw/barcodes/

drwxrwxr-x 25510 root ap2_dev_cpdev_bar 960033 Jun 16 17:08 barcodes

To fix this problem you need to modify your SAMBA configuration.

Add / modify these three lines to enable SAMBA mapping to symlink paths.

follow symlinks = yes
wide links = yes
unix extensions = yes

Save the file and restart Samba service.

service smb restart

Try remapping the Samba path again. Access denied error will be gone.

Leave a Comment