cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6532
Views
0
Helpful
13
Replies

WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password check pass; user

get the above message about 5 times a day on one of my WAE-612s

I had the messages on release 4.0.13 and still get them on 4.0.17

what is causing this message, I tried to login to the WAAS box by using the incorrect username password but that did not generate this message

anybody any ideas??

13 Replies 13

sorry, you do get the above message with an incorrect login, so i have got to see who is trying to login

Richard,

You are correct, it occurs when somone attempts to access the box with an incorrect ID or pw. I've seen it a lot in logs with these messages when somone wrote a script with the incorrect ID/PW.

I think if you go into the syslog.txt on the actual WAE that is getting the message (I assume you are seeing this on the CM?), you may be able to see the UID of the user attempting to log in. Something like the following...

Apr 18 17:58:35 wae1 PAM_unix[20635]: %WAAS-UNKNOWN-1-899999: ###

pam_unix: _unix_verify_password check pass; user unknown

Apr 18 17:58:35 wae1 PAM_unix[20635]: %WAAS-UNKNOWN-5-899999: ###

pam_unix: _unix_verify_password authentication failure; (uid=0) -> pchandho

Apr 18 17:58:45 wae1 PAM_unix[20913]: %WAAS-UNKNOWN-5-899999: ###

pam_unix: _unix_verify_password authentication failure; (uid=0) -> admin

Dan

Dan,

it does seem more complex than that, I put an ACL on the router WAAS interface and picked up nothing

but still getting messages,

looks like it might have something to do with "Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 23755 "

as started about same time as error occured

see below

Jun 4 04:42:07 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330040: Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 32356

Jun 4 04:46:15 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330027: Process with pid 32356

exits

Jun 4 04:46:15 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330048: DEBUG: respawn_count =

8, period: 1528.730000

Jun 4 04:46:15 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330040: Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 2574

Jun 4 14:46:19 SHAWAD01 PAM_unix[2574]: %WAAS-UNKNOWN-3-899999: ### pam_unix: p

am_sm_authenticate bad username [% Authentication failed]

Jun 4 14:46:19 SHAWAD01 login[2574]: %WAAS-UTILLIN-5-801060: Failed login sessi

on from (null) for user % Authentication failed: User not known to the underlyin

g authentication module

Jun 4 04:46:20 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330027: Process with pid 2574

exits

Jun 4 04:46:20 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330024: Service 'mingetty' exi

ted normally with code 1

Jun 4 04:46:20 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330032: Stopping service: 'min

getty'.

Jun 4 04:46:20 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330048: DEBUG: respawn_count =

9, period: 1534.040000

Jun 4 04:46:21 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330040: Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 2837

Jun 4 05:15:31 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330027: Process with pid 2837

exits

Jun 4 05:15:31 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330048: DEBUG: respawn_count =

10, period: 3284.710000

Jun 4 05:15:31 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330040: Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 23462

Jun 4 15:15:35 SHAWAD01 PAM_unix[23462]: %WAAS-UNKNOWN-3-899999: ### pam_unix:

pam_sm_authenticate bad username [% Authentication failed]

Jun 4 15:15:35 SHAWAD01 login[23462]: %WAAS-UTILLIN-5-801060: Failed login sess

ion from (null) for user % Authentication failed: User not known to the underlyi

ng authentication module

Jun 4 05:15:36 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330027: Process with pid 23462

exits

Jun 4 05:15:36 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330024: Service 'mingetty' exi

ted normally with code 1

Jun 4 05:15:36 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330032: Stopping service: 'min

getty'.

Jun 4 05:15:36 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330048: DEBUG: respawn_count =

0, period: 0.010000

Jun 4 05:15:37 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330040: Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 23469

Jun 4 15:15:41 SHAWAD01 PAM_unix[23469]: %WAAS-UNKNOWN-1-899999: ### pam_unix:

_unix_verify_password check pass; user unknown

Jun 4 15:15:41 SHAWAD01 PAM_unix[23469]: %WAAS-UNKNOWN-5-899999: ### pam_unix:

_unix_verify_password authentication failure; LOGIN(uid=0) -> Jun 4 15:15:3

Jun 4 15:15:43 SHAWAD01 login[23469]: %WAAS-UTILLIN-5-801060: Failed login sess

ion from (null) for user Jun 4 15:15:3: Authentication service cannot retrieve

authentication info.

Jun 4 05:15:44 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330027: Process with pid 23469

exits

Jun 4 05:15:44 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330048: DEBUG: respawn_count =

1, period: 8.110000

Jun 4 05:15:45 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330040: Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 23755

Jun 4 15:16:51 SHAWAD01 login: %WAAS-SYSUTL-5-800003: you2are login on 0 from 1

72.16.197.254

Richard,

By any chance is there a console server attached to the console port on the WAE?

Dan

Dan,

No there is nothing connected to the console port. I have 20 WAE- 612s around Australia, and Asia , this one in Shanghai is the only one giving this problem

How is your AAA setup? Do you use the Admin and other local accounts ID or do you have tacacs or something else setup as well?

Dan

Just use local accounts

muali
Cisco Employee
Cisco Employee

These are likely from failed login attempts, do you have some script running or scanning going on. Look for a pattern in time stamp.

If you are using TACACS for AAA, make sure your server is accessible from the WAE.

it is not a failed login attempt, see prevoius messages. It seems to be associated with the "mingetty" service see attached log

Everytime this service starts i get the message, why is this service starting, looking through logs from other WAAS boxes i do not see this service starting

Richard,

I'm not sure this will help anything either... Can you check if the WAE is running debug? I see some debug messages in the log... Maybe from a past TAC case or something? Try "sh debug" and see if there is anything running. Maybe try "undebug all" at the exec mode if so.

Dan

no no debugs, been reloaded OS upgraded.

I am not a Linux person but it looks like something to do with the mingetty service and perhaps something in the Linux kernal

Hi Richard

I have the same issue.

Could you fix it? What was the root cause?

Thanks

Dear Richard

After 12 years I got the answer from Cisco for this issue:

You are hitting two new defects

CSCvn12138 ISR-WAAS console becomes unresponsive. This is scheduled to be fixed in 6.4.5a

CSCvs76822 mingetty process constantly restarting. And this is scheduled to be fixed in 6.4.3e

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: