Re: Authentication problem

Stephen Liu <satimis@xxxxxxxxx> · Tue, 10 Jun 2008 07:17:00 +0800 (CST)

Hi Wesley,

> On 09 Jun 2008, at 13:06, Stephen Liu wrote:
> > S: L01 NO Login failed: generic failure
> 
> These generic login failures typically produce a log message in your 
> 
> security logs.

Here are the logs

$ sudo ls -la /var/log/
total 48048
drwxr-xr-x  8 root  root      4096 2008-06-10 06:55 .
drwxr-xr-x 14 root  root      4096 2008-04-18 07:27 ..
drwxr-xr-x  2 root  root      4096 2008-04-18 07:28 apache2
-rw-r--r--  1 root  root      2856 2008-04-18 07:27 aptitude
-rw-r-----  1 root  adm     299868 2008-06-10 07:10 auth.log
-rw-r-----  1 root  adm      48035 2008-05-04 06:47 auth.log.0
-rw-rw-r--  1 root  utmp      1920 2008-05-05 03:50 btmp
drwxr-xr-x  2 root  root      4096 2008-05-07 06:25 cups
-rw-r-----  1 root  adm     710332 2008-06-10 06:55 daemon.log
-rw-r-----  1 root  adm      69032 2008-05-04 06:03 daemon.log.0
-rw-r-----  1 root  adm     404471 2008-06-10 06:56 debug
-rw-r-----  1 root  adm      76075 2008-05-04 05:59 debug.0
-rw-r--r--  1 root  root     19690 2008-06-10 06:54 dmesg
-rw-r-----  1 root  adm     224936 2008-06-07 12:23 dpkg.log
-rw-r--r--  1 root  root     15896 2008-06-09 23:16 evms-engine.1.log
-rw-r--r--  1 root  root     15896 2008-06-09 21:26 evms-engine.2.log
-rw-r--r--  1 root  root     15896 2008-06-09 16:11 evms-engine.3.log
-rw-r--r--  1 root  root     15896 2008-06-09 14:10 evms-engine.4.log
-rw-r--r--  1 root  root     15896 2008-06-09 08:10 evms-engine.5.log
-rw-r--r--  1 root  root     15896 2008-06-08 22:08 evms-engine.6.log
-rw-r--r--  1 root  root     15896 2008-06-08 17:57 evms-engine.7.log
-rw-r--r--  1 root  root     15896 2008-06-07 23:39 evms-engine.8.log
-rw-r--r--  1 root  root     15896 2008-06-07 22:13 evms-engine.9.log
-rw-r--r--  1 root  root     15896 2008-06-10 06:54 evms-engine.log
-rw-r--r--  1 root  root     32160 2008-06-10 01:22 faillog
-rw-r--r--  1 root  root       681 2008-04-24 01:24 fontconfig.log
drwxr-xr-x  3 root  root      4096 2008-04-18 07:29 installer
-rw-r-----  1 root  adm    2000232 2008-06-10 06:55 kern.log
-rw-r-----  1 root  adm     455682 2008-05-04 05:59 kern.log.0
-rw-rw-r--  1 root  utmp    293460 2008-06-10 07:10 lastlog
-rw-r--r--  1 root  root         0 2008-04-18 07:30 lpr.log
-rw-r--r--  1 root  root   3437682 2008-06-10 00:59 mail.err
-rw-r--r--  1 root  root   6462532 2008-06-10 06:55 mail.info
-rw-r--r--  1 root  root  11019216 2008-06-10 06:55 mail.log
-rw-r--r--  1 root  root   6322797 2008-06-10 00:59 mail.warn
-rw-r-----  1 root  adm    1698219 2008-06-10 06:55 messages
-rw-r-----  1 root  adm     386020 2008-05-04 06:47 messages.0
drwxr-s---  2 mysql adm       4096 2008-06-10 06:55 mysql
-rw-r-----  1 mysql adm          0 2008-05-06 01:32 mysql.err
-rw-r-----  1 mysql adm          0 2008-05-07 06:25 mysql.log
-rw-r-----  1 mysql adm         20 2008-05-06 01:32 mysql.log.1.gz
drwxr-sr-x  2 news  news      4096 2008-04-18 07:30 news
drwxr-x---  2 proxy proxy     4096 2008-05-07 06:25 squid
-rw-r-----  1 root  adm   13395209 2008-06-10 07:09 syslog
-rw-r-----  1 root  adm     424533 2008-05-07 06:25 syslog.0
-rw-r-----  1 root  adm     115845 2008-05-04 06:25 syslog.1.gz
-rw-r--r--  1 root  root    268321 2008-06-10 06:54 udev
-rw-r-----  1 root  adm       5228 2008-06-10 01:22 user.log
-rw-r-----  1 root  adm       5058 2008-05-04 06:03 user.log.0
-rw-r--r--  1 root  root         0 2008-04-18 07:30 uucp.log
-rw-rw-r--  1 root  utmp    939264 2008-06-10 07:10 wtmp
* end *

Which is the security log?  Thanks

$ tail /var/log/auth.log
Jun 10 01:22:12 lampserver login[4403]: (pam_unix) session opened for
user root by (ui
d=0)
Jun 10 01:22:12 lampserver login[31808]: ROOT LOGIN  on `tty1'
Jun 10 01:22:22 lampserver saslauthd[4198]: server_exit     : master
exited: 4198
Jun 10 01:22:22 lampserver sshd[4218]: Received signal 15; terminating.
Jun 10 06:55:13 lampserver saslauthd[4197]: detach_tty      : master
pid is: 4197
Jun 10 06:55:13 lampserver saslauthd[4197]: ipc_init        : listening
on socket: /va
r/spool/postfix/var/run/saslauthd/mux
Jun 10 06:55:13 lampserver sshd[4224]: Server listening on :: port
2222.
Jun 10 06:56:26 lampserver sshd[4432]: Accepted password for satimis
from 192.168.0.10
 port 46317 ssh2
Jun 10 06:56:26 lampserver sshd[4434]: (pam_unix) session opened for
user satimis by (
uid=0)
Jun 10 07:07:33 lampserver sudo:  satimis : TTY=pts/0 ;
PWD=/home/satimis ; USER=root 
; COMMAND=/bin/ls /var/log/
* end *

B.R.
Stephen

Send instant messages to your online friends http://uk.messenger.yahoo.com 
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html