Ubuntu
ia32-libs package

vmware server will not connect remotely

Bug #112937 reported by Purity Control
32
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ia32-libs (Ubuntu)
Triaged
Wishlist
Unassigned
pam (Ubuntu)
Confirmed
Low
Unassigned

Bug Description

this is for the package vmware-server in the commercial repository but this cant be chosen from your list of packages

When installing vmware-server there is an error in the file /etc/pam.d/vmware-authd

the file is installed as follows:
#%PAM-1.0
auth sufficient %pamdir%/pam_unix2.so shadow nullok
auth required %pamdir%/pam_unix_auth.so shadow nullok
account sufficient %pamdir%/pam_unix2.so
account required %pamdir%/pam_unix_acct.so

however the %pamdir%/ should not be in each line and instead it should read:

#%PAM-1.0
auth sufficient pam_unix2.so shadow nullok
auth required pam_unix_auth.so shadow nullok
account sufficient pam_unix2.so
account required pam_unix_acct.so

This then allows people to remotely connect through vmware server console.

Also when installing on feisty server make is a dependency but is not installed so the install fails until make is installed

Revision history for this message
Matti Lindell (mlind) wrote :

With vmware-server (1.0.3-1 ) in feisty-commercial module

/etc/pam.d/vmware-authd contains:
#%PAM-1.0
auth sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix2.so shadow nullok
auth required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_auth.so shadow nullok
account sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix2.so
account required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_acct.so

although pam_unix2.so doesn't exist. I symlinked pam_unix.so --> pam_unix2.so and it seems to work.

/etc/vmware/pam.d/vmware-authd file exists too and contains the %pamdir% entries.

Revision history for this message
Wilbur Harvey (wilbur-harvey-spirentcom) wrote :

I am running Feisty32 on the vmware server machine (vmware-server (1.0.3-1 ) in feisty-commercial module), and Feisty64 on the vmware client.

I get this error when trying to connecto to

Unable to connect to the remote host: Login (username/password) incorrect

The same username/password works when I connect locally on the machine.

I tried the symlink of pam_unix.so to pam_unix2.so, but it didn't help.

The exact same setup was working fine when I had the vmware, not from the repository installed, and had xinetd installed.

Any ideas would be appreciated.

Wilbur

Revision history for this message
Purity Control (craig-puritycontrol) wrote :

Hi Wilbur,

I am no linux expert, I am just the person who originally tried to file the bug but if you follow my instructions in the first post with the modification describe below, I think you may have success. I have only tried it on 32 bit installs but it has worked on all of those and I cannot see why it would not work on a 64 bit install either

edit /etc/pam.d/vmware-authd

1. sudo cp /etc/pam.d/vmware-authd /etc/pam.d/vmware-authd.orig
  this means you have a copy of the original file if you make a mistake.

2. change the file from

#%PAM-1.0
auth sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix2.so shadow nullok
auth required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_auth.so shadow nullok
account sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix2.so
account required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_acct.so

To

#%PAM-1.0
auth sufficient %pamdir%/pam_unix2.so shadow nullok
auth required %pamdir%/pam_unix_auth.so shadow nullok
account sufficient %pamdir%/pam_unix2.so
account required %pamdir%/pam_unix_acct.so

3. You must do this on the server you want to connect to, not the machine you are connecting from

4.You probably need to do this everytime apt installs a newer version of vmware until it gets fixed because on all the updates I have instaled so far the file gets overwritten.

Hope this helps.

Revision history for this message
Rick Clark (dendrobates) wrote :

I can confirm that there is a pam problem with vmware server.

Revision history for this message
Dominique Gallot (dga-dgconsulting) wrote :

The solution of "Purity Control" was not working on my fresh installation of ubuntu 7.04 ( server ).
I solved it by setting the content of the file /etc/pam.dvmware-authd with

#%PAM-1.0

@include common-auth
@include common-account

This solved everything. ( in fact it is the content of the file login in the same directory )

Hope this help

Revision history for this message
Daniel Ellis (danellisuk) wrote :

I can confirm that Dominique's solution worked for me. I can now remotely configure and use vmware from another machine, logging in using the same username and password as my ubuntu login. Thanks Dominique!

Revision history for this message
Purity Control (craig-puritycontrol) wrote :

Dominique ,
both solutions work just as well for me.

However I have to say yours is much more elegant.

Thank you for the insight.

Revision history for this message
Walter Tautz (wtautz) wrote :

On gutsy AMD64 deb package the solution above of including common-auth and common-account DOES NOT work for
me. Instead I had to replace the pam configuration with:

auth sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix.so shadow nullok
auth required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_auth.so shadow nullok
account sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix.so
account required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_acct.so

#%PAM-1.0
@include common-auth
@include common-account

I got:
Jan 15 09:25:18 trainer vmware-authd[18472]: PAM adding faulty module: <*unknown module path*>
Jan 15 09:25:18 trainer vmware-authd[18472]: PAM (other) illegal module type: @include
Jan 15 09:25:19 trainer vmware-authd[18472]: PAM pam_parse: expecting return value; [...common-account]
Jan 15 09:25:19 trainer vmware-authd[18472]: PAM (other) no module name supplied
Jan 15 09:25:19 trainer vmware-authd[18472]: PAM (other) illegal module type: @include
Jan 15 09:25:19 trainer vmware-authd[18472]: PAM pam_parse: expecting return value; [...common-password]
Jan 15 09:25:19 trainer vmware-authd[18472]: PAM (other) no module name supplied
Jan 15 09:25:19 trainer vmware-authd[18472]: PAM (other) illegal module type: @include
Jan 15 09:25:19 trainer vmware-authd[18472]: PAM pam_parse: expecting return value; [...common-session]
Jan 15 09:25:19 trainer vmware-authd[18472]: PAM (other) no module name supplied
Jan 15 09:25:40 trainer vmware-authd[18483]: PAM (other) illegal module type: @include
Jan 15 09:25:40 trainer vmware-authd[18483]: PAM pam_parse: expecting return value; [...common-auth]
Jan 15 09:25:40 trainer vmware-authd[18483]: PAM (other) no module name supplied
Jan 15 09:25:40 trainer vmware-authd[18483]: PAM unable to dlopen(<*unknown module path*>)
Jan 15 09:25:40 trainer vmware-authd[18483]: PAM [error: <*unknown module path*>: cannot open shared object file: No such file or dir
ectory]

Revision history for this message
Hassan El Jacifi (waver) wrote :

I can confirm the problem with gutsy AMD64. The solution from Walter works for me.

Revision history for this message
Ronnie Redd (cruzit) wrote :

Just confirming AMD64 Gutsy that the following fixes the issue?

replace the pam configuration in /etc/pam.dvmware-authd with:

auth sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix.so shadow nullok
auth required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_auth.so shadow nullok
account sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix.so
account required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_acct.so

#%PAM-1.0
@include common-auth
@include common-account

Revision history for this message
Ronnie Redd (cruzit) wrote :

OK,
(Please note the corrected path here - /etc/pam.d/vmware-authd instead of /etc/pam.dvmware-authd)

I went for it and I too confirm that the below fixes it on AMD64 Gutsy:

replace the pam configuration in /etc/pam.d/vmware-authd to read:

auth sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix.so shadow nullok
auth required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_auth.so shadow nullok
account sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix.so
account required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_acct.so

#%PAM-1.0
@include common-auth
@include common-account

Revision history for this message
Walter Tautz (wtautz) wrote : Re: [Bug 112937] Re: vmware server will not connect remotely

Ronnie Redd wrote:
> OK,
> (Please note the corrected path here - /etc/pam.d/vmware-authd instead of /etc/pam.dvmware-authd)
>
> I went for it and I too confirm that the below fixes it on AMD64 Gutsy:
>
> replace the pam configuration in /etc/pam.d/vmware-authd to read:
>
> auth sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix.so shadow nullok
> auth required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_auth.so shadow nullok
> account sufficient /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix.so
> account required /usr/lib/vmware-server/lib/libpam.so.0/security/pam_unix_acct.so
>
> #%PAM-1.0
> @include common-auth
> @include common-account
>
>
 I guess the point is: vmware does something special with their Pam modules
which prevents the standard ones from being used. Perhaps this is the bug
that should be noted, namely, why is vmware doing something special?

Yes, the above certainly fixes the problem. It should be noted that
older versions of
the package did the above which is how I figured out how to fix the problem.

Revision history for this message
jmandawg (jmandawg) wrote :

Confirmed with Gutsy x64. The above fix worked.

Thanks guys.

Revision history for this message
Soren Hansen (soren) wrote :

This is really a pam bug.

vmware-server uses pam as shipped in ia32-libs. pam hardcodes the /lib/security path, but on amd64 installations, this is where the 64-bit pam modules are, so we end up with a 32 bit application tryin to dlopen a 64 bit binary, which obviously doesn't work. What needs to be done in pam is to check if (uname says we're running 64 bit && we're compiled for 32 bit) we should go looking in /lib32/security instead.

Revision history for this message
Soren Hansen (soren) wrote :

We'll also need to add libpam-modules to ia32-libs.

Revision history for this message
drink (martin-espinoza) wrote :

The solution at https://bugs.launchpad.net/ubuntu/+bug/112937/comments/11 worked for me on 8.04.1 amd64.

Revision history for this message
drink (martin-espinoza) wrote :

whoops! spoke too soon. I'm actually using vmware server 2 beta. The above worked well enough to get to the login screen but not to authenticate, probably because it included common but not enough other modules. Here is the pam config which works for me.

auth sufficient pam_unix.so shadow nullok
auth required pam_unix_auth.so shadow nullok
account sufficient pam_unix.so
account required pam_unix_acct.so

#%PAM-1.0
@include common-auth
@include common-account

Daniel T Chen (crimsun)
Changed in ia32-libs:
importance: Undecided → Wishlist
status: New → Triaged
Revision history for this message
Michael Shadle (mshadle) wrote :

Does not work using VMware server 1.0.9 downloaded from vmware directly.

It compiles, using the vmware-any-any-update or vmware-update for the kernel and such. However, remote connectivity still triggers the PAM errors.

I have tried on both 9.04 and 8.10 Ubuntu 64-bit, roughly the same message on both. I can resolve the pam_unix2.so not being found but it still is messed up. What is odd is it seems to be looking for @include even though I've commented it out in all the various pam files that it is referenced in, so I do not know where it is inheriting this from!

May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM unable to dlopen(/usr/lib/vmware/lib/libpam.so.0/security/pam_unix2.so)
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM [error: /usr/lib/vmware/lib/libpam.so.0/security/pam_unix2.so: cannot open shared object file: No such file or directory]
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM adding faulty module: /usr/lib/vmware/lib/libpam.so.0/security/pam_unix2.so
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM (other) illegal module type: @include
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM pam_parse: expecting return value; [...common-auth]
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM (other) no module name supplied
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM unable to dlopen(<*unknown module path*>)
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM [error: <*unknown module path*>: cannot open shared object file: No such file or directory]
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM adding faulty module: <*unknown module path*>
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM (other) illegal module type: @include
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM pam_parse: expecting return value; [...common-account]
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM (other) no module name supplied
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM (other) illegal module type: @include
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM pam_parse: expecting return value; [...common-password]
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM (other) no module name supplied
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM (other) illegal module type: @include
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM pam_parse: expecting return value; [...common-session]
May 29 09:40:53 orisnvm02 vmware-authd[24120]: PAM (other) no module name supplied
May 29 09:40:53 orisnvm02 vmware-authd[24120]: pam_unix_auth(vmware-authd:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root

Revision history for this message
Michael Shadle (mshadle) wrote :

I will say this

I tried 9.04, could not get it to work. Same with 8.10.

However, I did 8.04.2, and it worked, out of the box, without even requiring the vmware patch / vmware-update-update thingy. I can connect remotely to it too, without tweaking pam at all even.

This is vmware server 1.0.9 downloaded from vmware.com, not using any packages.

Fresh Ubuntu 8.04 x64 box, with only this ran:

apt-get build-essential libpam-modules ia32-libs xinetd

(and all the dependencies)

If only we could get the -current- version of Ubuntu to behave, now.

Revision history for this message
Graham Maltby (gmaltby) wrote :

Glad to hear I'm not the only one. I too have been attempting 1.0.9 with no success. What I find odd is that I can connect as an unprivileged user but not as root.

> If only we could get the -current- version of Ubuntu to behave, now.

Yes!!

Revision history for this message
Tary (tary) wrote :

This is still an issue. I'm running ubuntu 9.04 and vmware server 1.0.9 and I can't get pam authorization to work. The only way I could use the remote console is to disable pam auth altogether. If anyone has any ideas I'd be glad to try them out.
Thanks!

Revision history for this message
Michael Shadle (mshadle) wrote :

I went back to 8.04 or so and it works then. Sadly, 9.04 and possibly even 8.10 don't work :(

Revision history for this message
Tary (tary) wrote :

Thanks for the reply. Unfortunately the hardware I'm using requires me
to run 9.04...

------ Original Message ------
From: mshadle <email address hidden>
Date: Wednesday, August 5th, 2009 2:35 PM PDT
To: <email address hidden>
Subject: [Bug 112937] Re: vmware server will not connect remotely

I went back to 8.04 or so and it works then. Sadly, 9.04 and possibly
even 8.10 don't work :(

--
vmware server will not connect remotely
https://bugs.launchpad.net/bugs/112937
You received this bug notification because you are a direct subscriber
of the bug.

Status in “ia32-libs” package in Ubuntu: Triaged
Status in “pam” package in Ubuntu: Confirmed

Bug description:
this is for the package vmware-server in the commercial repository but this cant be chosen from your list of packages

When installing vmware-server there is an error in the file /etc/pam.d/vmware-authd

the file is installed as follows:
#%PAM-1.0
auth sufficient %pamdir%/pam_unix2.so shadow nullok
auth required %pamdir%/pam_unix_auth.so shadow nullok
account sufficient %pamdir%/pam_unix2.so
account required %pamdir%/pam_unix_acct.so

however the %pamdir%/ should not be in each line and instead it should read:

#%PAM-1.0
auth sufficient pam_unix2.so shadow nullok
auth required pam_unix_auth.so shadow nullok
account sufficient pam_unix2.so
account required pam_unix_acct.so

This then allows people to remotely connect through vmware server console.

Also when installing on feisty server make is a dependency but is not installed so the install fails until make is installed

Revision history for this message
Michael Shadle (mshadle) wrote :

Let me guess, a Nehalem box and you need the igb drivers? :)

If so, go nominate this and comment
https://bugs.launchpad.net/ubuntu/+source/linux-ubuntu-modules-2.6.24/+bug/352440

I'm trying to get proper drivers backported to LTS, other people are too, apparently it's there but not a good enough version.

Revision history for this message
Scott Ritchie (scottritchie) wrote :

I think this is the same bug as https://bugs.edge.launchpad.net/ubuntu/+source/ia32-libs/+bug/172400

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.