Forum Discussion

t_vanderkrogt's avatar
t_vanderkrogt
Icon for Altostratus rankAltostratus
Nov 17, 2016

Failing to login to GUI with admin account

I'm experiencing a really strange issue with my Virtual F5 LTM.

 

I'm running BIG-IP 11.6.1 Build 1.0.326 and since two weeks I'm not able to log into the GUI anymore. Neither with the admin account, nor with any other account. The CLI is no issue, I can log in there without any problems.

 

I keep seeing the follow logs in de secure.log:

 

Nov 10 21:09:37 localhost alert httpd[20065]: PAM Couldn't open /var/log/pam/tallylog : Permission denied Nov 10 21:09:37 localhost alert httpd[20065]: pam_tally2(httpd:auth): Error opening /var/log/pam/tallylog for update: Permission denied Nov 10 21:09:39 localhost info httpd(pam_audit)[20065]: User=admin tty=(unknown) host=10.128.1.1 failed to login after 1 attempts (start="Thu Nov 10 21:09:37 2016" end="Thu Nov 10 21:09:39 2016"). Nov 10 21:09:39 localhost info httpd(pam_audit)[20065]: 01070417:6: AUDIT - user admin - RAW: httpd(pam_audit): User=admin tty=(unknown) host=10.128.1.1 failed to login after 1 attempts (start="Thu Nov 10 21:09:37 2016" end="Thu Nov 10 21:09:39 2016"). Nov 10 21:09:45 localhost alert httpd[20071]: PAM Couldn't open /var/log/pam/tallylog : Permission denied Nov 10 21:09:45 localhost alert httpd[20071]: pam_tally2(httpd:auth): Error opening /var/log/pam/tallylog for update: Permission denied Nov 10 21:09:47 localhost info httpd(pam_audit)[20071]: User=admin tty=(unknown) host=10.128.1.1 failed to login after 1 attempts (start="Thu Nov 10 21:09:45 2016" end="Thu Nov 10 21:09:47 2016"). Nov 10 21:09:47 localhost info httpd(pam_audit)[20071]: 01070417:6: AUDIT - user admin - RAW: httpd(pam_audit): User=admin tty=(unknown) host=10.128.1.1 failed to login after 1 attempts (start="Thu Nov 10 21:09:45 2016" end="Thu Nov 10 21:09:47 2016").

 

Not sure if it's related, but I find it strange that PAM couldnt open the tally log. The file is definately there and permissions seems to be correct.

 

Things I've tried so far without result:

 

  • resetting the admin password to default

     

  • creating a new user account with admin rights

     

  • loading default config

     

  • set full rights to the tallylog file.

     

  • uploaded the config to iHealth, no really strange things beside a load of failed loging attempts

     

  • tried different browsers.

     

Maybe someone else has any suggestions what to do next?

 

I'm kinda stuck now...

 

Thanks in advance.

 

application delivery
BIG-IP
gui
login attemps
LTM
tallylog
  • Leonardo_Accors's avatar
    Leonardo_Accors
    Icon for Cirrus rankCirrus
    Nov 17, 2016

    Hi, it's really a strange behaviour. In a braistorming way, I suggest you another try; you would restart tomcat using this command:

     

    tmsh restart /sys service tomcat

     

    This is the first thig I do when I have some GUI issue.

     

    Hope this can help

     

    Leonardo

     

  • t_vanderkrogt's avatar
    t_vanderkrogt
    Icon for Altostratus rankAltostratus
    Nov 17, 2016

    Unfortunately no luck.

     

    I've even updated to 12.1.1, still the same issue.

     

    I can't stop thinking that the issue is somewhere with the tally file. With every login attempt, I see the following logging.

     

    Any suggestions?

     

    Nov 17 12:31:45 localhost info sshd(pam_audit)[21162]: 01070417:6: AUDIT - user tomk - RAW: sshd(pam_audit): user=tomk(tomk) partition=[All] level=Administrator tty=ssh host=10.128.1.1 attempts=1 start="Thu Nov 17 12:31:45 2016". Nov 17 12:43:52 localhost alert httpd[10113]: PAM Couldn't open /var/log/pam/tallylog : Permission denied Nov 17 12:43:52 localhost alert httpd[10113]: pam_tally2(httpd:auth): Error opening /var/log/pam/tallylog for update: Permission denied Nov 17 12:43:54 localhost err httpd[10113]: [error] [client 10.128.1.1] AUTHCACHE PAM: user 'admin' (fallback: false) - not authenticated: Authentication failure, referer: https://10.128.1.145/tmui/login.jsp?msgcode=1&; Nov 17 12:43:54 localhost info httpd(pam_audit)[10113]: User=admin tty=(unknown) host=10.128.1.1 failed to login after 1 attempts (start="Thu Nov 17 12:43:52 2016" end="Thu Nov 17 12:43:54 2016"). Nov 17 12:43:54 localhost info httpd(pam_audit)[10113]: 01070417:6: AUDIT - user admin - RAW: httpd(pam_audit): User=admin tty=(unknown) host=10.128.1.1 failed to login after 1 attempts (start="Thu Nov 17 12:43:52 2016" end="Thu Nov 17 12:43:54 2016").

     

  • Niels_van_Sluis's avatar
    Niels_van_Sluis
    Icon for MVP rankMVP
    Nov 22, 2016

    Maybe it has something to do with file permissions. Then you can see messages like this in the /var/log/tomcat/catalina.out logfile:

    log4j:ERROR setFile(null,true) call failed.
java.io.FileNotFoundException: /var/log/webui.log (Permission denied)

    I've seen systems where the settings of the /var/log partition was set incorrectly. Like:

    [root@localhost:Active:Standalone] etc  ls -ldZ /var/log
drw-r--r--. root root system_u:object_r:var_log_t:s0   /var/log
-rw-rw-r--. root tomcat system_u:object_r:var_log_t:s0   /var/log/webui.log

    Fix it like this:

     chmod 0755 /var/log
 tmsh restart sys service tomcat

    Maybe not a bad idea to reboot the whole box.