Well, I got around the problem, but I don’t understand the solution…
I edited /etc/pam.d/password-auth and commented out the following line:
auth required pam_tally2.so onerr=fail audit silent
deny=5 unlock_time=900
Anyone have any idea why this was interfering?
--
[ jR ]
@: ja...@eramsey.org
there is no path to greatness; greatness is the path
On 8/25/16, 9:50 PM, "Jason A Ramsey" <ja...@eramsey.org> wrote:
Still stuck, but here’s the output of the command with --debug turned on:
Error: node1: Username and/or password is incorrect
Error: node2: Username and/or password is incorrect
Running: /usr/bin/ruby -I/usr/lib/pcsd/ /usr/lib/pcsd/pcsd-cli.rb auth
--Debug Input Start--
{"username": "hacluster", "local": false, "nodes": ["node1", "node2"],
"password": "xxxxxxxxxxxxxxxxxxxx", "force": false}
--Debug Input End--
Return Value: 0
--Debug Output Start--
{
"status": "ok",
"data": {
"sync_responses": {
},
"sync_nodes_err": [
],
"auth_responses": {
"node2": {
"status": "bad_password"
},
"node1": {
"status": "bad_password"
}
},
"sync_successful": true
},
"log": [
"I, [2016-08-25T21:46:40.848381 #4825] INFO -- : PCSD Debugging
enabled\n",
"D, [2016-08-25T21:46:40.848448 #4825] DEBUG -- : Detected RHEL 6\n",
"I, [2016-08-25T21:46:40.848489 #4825] INFO -- : Running:
/usr/sbin/corosync-objctl cluster\n",
"I, [2016-08-25T21:46:40.848526 #4825] INFO -- : CIB USER: hacluster,
groups: \n",
"D, [2016-08-25T21:46:40.850328 #4825] DEBUG -- : []\n",
"D, [2016-08-25T21:46:40.850378 #4825] DEBUG -- : [\"Failed to
initialize the objdb API. Error 6\\n\"]\n",
"D, [2016-08-25T21:46:40.850429 #4825] DEBUG -- : Duration:
0.001807s\n",
"I, [2016-08-25T21:46:40.850501 #4825] INFO -- : Return Value: 1\n",
"W, [2016-08-25T21:46:40.850555 #4825] WARN -- : Cannot read config
'cluster.conf' from '/etc/cluster/cluster.conf': No such file\n",
"W, [2016-08-25T21:46:40.850609 #4825] WARN -- : Cannot read config
'cluster.conf' from '/etc/cluster/cluster.conf': No such file or directory -
/etc/cluster/cluster.conf\n",
"I, [2016-08-25T21:46:40.851457 #4825] INFO -- : SRWT Node: node1
Request: check_auth\n",
"I, [2016-08-25T21:46:40.851554 #4825] INFO -- : SRWT Node: node2
Request: check_auth\n"
]
}
--Debug Output End--
--
[ jR ]
@: ja...@eramsey.org
there is no path to greatness; greatness is the path
On 8/25/16, 5:36 PM, "Jason A Ramsey" <ja...@eramsey.org> wrote:
Thanks for the response, Ken. I thought that might be the case, so I
tried it with selinux disabled (setenforce=0). Same exact error. :-/
--
[ jR ]
M: +1 (703) 628-2621
@: ja...@eramsey.org
there is no path to greatness; greatness is the path
On 8/25/16, 5:29 PM, "Ken Gaillot" <kgail...@redhat.com> wrote:
On 08/25/2016 03:04 PM, Jason A Ramsey wrote:
> Please help. Just getting this thing stood up on a new set of
servers
> and getting stymied right out the gate:
>
>
>
> # pcs cluster auth node1 node2
>
> Username: hacluster
>
> Password:
>
>
>
> I am **certain** that the password I’m providing is correct. Even
still
> I get:
>
>
>
> Error: node1: Username and/or password is incorrect
>
> Error: node2: Username and/or password is incorrect
>
>
>
> I also see this is /var/log/audit/audit.log:
>
>
>
> type=USER_AUTH msg=audit(1472154922.415:69): user pid=1138 uid=0
> auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0
> msg='op=PAM:authentication acct="hacluster" exe="/usr/bin/ruby"
> hostname=? addr=? terminal=? res=failed'
That's an SELinux error. To confirm, try again with SELinux
disabled.
I think distributions that package pcs also provide any SELinux
policies
it needs. I'm not sure what those are, or the best way to specify
them
if you're building pcs yourself, but it shouldn't be difficult to
figure
out.
> I’ve gone so far as to change the password to ensure that it
didn’t have
> any “weird” characters in it, but the error persists. Appreciate
the help!
>
>
>
> --
>
>
>
> *[ jR ]*
>
> @: ja...@eramsey.org <mailto:ja...@eramsey.org>
>
>
>
> /there is no path to greatness; greatness is the path/
_______________________________________________
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started:
http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
