Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password check pass; user

get the above message about 5 times a day on one of my WAE-612s

I had the messages on release 4.0.13 and still get them on 4.0.17

what is causing this message, I tried to login to the WAAS box by using the incorrect username password but that did not generate this message

anybody any ideas??

11 REPLIES

Re: WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password c

sorry, you do get the above message with an incorrect login, so i have got to see who is trying to login

Cisco Employee

Re: WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password c

Richard,

You are correct, it occurs when somone attempts to access the box with an incorrect ID or pw. I've seen it a lot in logs with these messages when somone wrote a script with the incorrect ID/PW.

I think if you go into the syslog.txt on the actual WAE that is getting the message (I assume you are seeing this on the CM?), you may be able to see the UID of the user attempting to log in. Something like the following...

Apr 18 17:58:35 wae1 PAM_unix[20635]: %WAAS-UNKNOWN-1-899999: ###

pam_unix: _unix_verify_password check pass; user unknown

Apr 18 17:58:35 wae1 PAM_unix[20635]: %WAAS-UNKNOWN-5-899999: ###

pam_unix: _unix_verify_password authentication failure; (uid=0) -> pchandho

Apr 18 17:58:45 wae1 PAM_unix[20913]: %WAAS-UNKNOWN-5-899999: ###

pam_unix: _unix_verify_password authentication failure; (uid=0) -> admin

Dan

Re: WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password c

Dan,

it does seem more complex than that, I put an ACL on the router WAAS interface and picked up nothing

but still getting messages,

looks like it might have something to do with "Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 23755 "

as started about same time as error occured

see below

Jun 4 04:42:07 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330040: Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 32356

Jun 4 04:46:15 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330027: Process with pid 32356

exits

Jun 4 04:46:15 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330048: DEBUG: respawn_count =

8, period: 1528.730000

Jun 4 04:46:15 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330040: Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 2574

Jun 4 14:46:19 SHAWAD01 PAM_unix[2574]: %WAAS-UNKNOWN-3-899999: ### pam_unix: p

am_sm_authenticate bad username [% Authentication failed]

Jun 4 14:46:19 SHAWAD01 login[2574]: %WAAS-UTILLIN-5-801060: Failed login sessi

on from (null) for user % Authentication failed: User not known to the underlyin

g authentication module

Jun 4 04:46:20 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330027: Process with pid 2574

exits

Jun 4 04:46:20 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330024: Service 'mingetty' exi

ted normally with code 1

Jun 4 04:46:20 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330032: Stopping service: 'min

getty'.

Jun 4 04:46:20 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330048: DEBUG: respawn_count =

9, period: 1534.040000

Jun 4 04:46:21 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330040: Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 2837

Jun 4 05:15:31 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330027: Process with pid 2837

exits

Jun 4 05:15:31 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330048: DEBUG: respawn_count =

10, period: 3284.710000

Jun 4 05:15:31 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330040: Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 23462

Jun 4 15:15:35 SHAWAD01 PAM_unix[23462]: %WAAS-UNKNOWN-3-899999: ### pam_unix:

pam_sm_authenticate bad username [% Authentication failed]

Jun 4 15:15:35 SHAWAD01 login[23462]: %WAAS-UTILLIN-5-801060: Failed login sess

ion from (null) for user % Authentication failed: User not known to the underlyi

ng authentication module

Jun 4 05:15:36 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330027: Process with pid 23462

exits

Jun 4 05:15:36 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330024: Service 'mingetty' exi

ted normally with code 1

Jun 4 05:15:36 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330032: Stopping service: 'min

getty'.

Jun 4 05:15:36 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330048: DEBUG: respawn_count =

0, period: 0.010000

Jun 4 05:15:37 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330040: Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 23469

Jun 4 15:15:41 SHAWAD01 PAM_unix[23469]: %WAAS-UNKNOWN-1-899999: ### pam_unix:

_unix_verify_password check pass; user unknown

Jun 4 15:15:41 SHAWAD01 PAM_unix[23469]: %WAAS-UNKNOWN-5-899999: ### pam_unix:

_unix_verify_password authentication failure; LOGIN(uid=0) -> Jun 4 15:15:3

Jun 4 15:15:43 SHAWAD01 login[23469]: %WAAS-UTILLIN-5-801060: Failed login sess

ion from (null) for user Jun 4 15:15:3: Authentication service cannot retrieve

authentication info.

Jun 4 05:15:44 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330027: Process with pid 23469

exits

Jun 4 05:15:44 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330048: DEBUG: respawn_count =

1, period: 8.110000

Jun 4 05:15:45 SHAWAD01 Nodemgr: %WAAS-NODEMGR-5-330040: Start service 'mingett

y' using: '/ruby/bin/startmingetty.sh' with pid: 23755

Jun 4 15:16:51 SHAWAD01 login: %WAAS-SYSUTL-5-800003: you2are login on 0 from 1

72.16.197.254

Cisco Employee

Re: WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password c

Richard,

By any chance is there a console server attached to the console port on the WAE?

Dan

Re: WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password c

Dan,

No there is nothing connected to the console port. I have 20 WAE- 612s around Australia, and Asia , this one in Shanghai is the only one giving this problem

Cisco Employee

Re: WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password c

How is your AAA setup? Do you use the Admin and other local accounts ID or do you have tacacs or something else setup as well?

Dan

Re: WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password c

Just use local accounts

Cisco Employee

Re: WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password c

These are likely from failed login attempts, do you have some script running or scanning going on. Look for a pattern in time stamp.

If you are using TACACS for AAA, make sure your server is accessible from the WAE.

Re: WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password c

it is not a failed login attempt, see prevoius messages. It seems to be associated with the "mingetty" service see attached log

Everytime this service starts i get the message, why is this service starting, looking through logs from other WAAS boxes i do not see this service starting

Cisco Employee

Re: WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password c

Richard,

I'm not sure this will help anything either... Can you check if the WAE is running debug? I see some debug messages in the log... Maybe from a past TAC case or something? Try "sh debug" and see if there is anything running. Maybe try "undebug all" at the exec mode if so.

Dan

Re: WAAS-UNKNOWN-1-899999: ### pam_unix: _unix_verify_password c

no no debugs, been reloaded OS upgraded.

I am not a Linux person but it looks like something to do with the mingetty service and perhaps something in the Linux kernal

2030
Views
0
Helpful
11
Replies