PAM audit_log_acct_message() failed: Operation not permitted & User auth fails

Question

I am receiving this error when authenticating users for vsftpd with pam_python on Ubuntu (13.04 development branch) in the auth.log file,

vsftpd[1]: PAM audit_log_acct_message() failed: Operation not permitted

and then vsftpd says the password is wrong when attempting to connect. Here is the full section from the auth.log file:

vsftpd[1]: pam_auth.py(9): pam_sm_authenticate()
vsftpd[1]: pam_auth.py(9): get_user_base_dir()
vsftpd[1]: pam_auth.py(9): auth_user()
vsftpd[1]: pam_auth.py(9): get_user_base_dir()
vsftpd[1]: pam_auth.py(9): verify_password()
vsftpd[1]: pam_auth.py(5): LOGIN: dev
vsftpd[1]: PAM audit_log_acct_message() failed: Operation not permitted

Now, this is not normal at all, LOGIN: dev is outputted when the account dev is properly authenticated so it should authenticate me (or the python script should give out an error).. here is a healthy output from another server with the exact same configuration:

vsftpd[11037]: pam_auth.py(9): pam_sm_authenticate()
vsftpd[11037]: pam_auth.py(9): get_user_base_dir()
vsftpd[11037]: pam_auth.py(9): auth_user()
vsftpd[11037]: pam_auth.py(9): get_user_base_dir()
vsftpd[11037]: pam_auth.py(9): verify_password()
vsftpd[11037]: pam_auth.py(5): LOGIN: dev
vsftpd[11037]: pam_auth.py(9): pam_sm_acct_mgmt()
vsftpd[11037]: pam_auth.py(9): get_user_base_dir()
vsftpd[11037]: pam_auth.py(9): pam_sm_setcred()
vsftpd[11037]: pam_auth.py(9): get_user_base_dir()
vsftpd[11037]: pam_auth.py(5): /home/dev/downloads/

The only thing different about this server, is that it is running a different kernel (it is from a different datacenter than usual), the kernel normally is:

Linux sb16 3.2.13-grsec-xxxx-grs-ipv6-64 #1 SMP Thu Mar 29 09:48:59 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Whereas the kernel on the server where I can't get pam to work is:

Linux sb17 3.8.0-12-generic #21-Ubuntu SMP Thu Mar 7 19:08:49 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

There is definitely something going wrong, but the only error that I can see anywhere is the audit_log_acct_message() failed message.
When trying the python script directly it outputs success too:

$ pam_auth.py dev test
success

What could be causing this? And how can I fix it/get around it?

Answer 1

This works:

• Install the new kernel.
• compile vsftpd from source

(i install all my kernels from source, so maybe you also need the kernel source.)

Should work now.

If you get a "Response: 500 OOPS: priv_sock_get_cmd" error, put "seccomp_sandbox=NO" in your /etc/vsftpd.conf.

Hope that helps.

best regards Benedikt

(This was tested with OpenSuSe 12.2 and Kernel 3.8.2)

Answer 2

I have the same error.

I compiled my kernels from kernel.org I tryed a lot of kernels in the last 4hours.

Now i could say Kernel 3.6.11 is the last kernel that works for me. Kernel 3.7.0, 3.8.0 and 3.8.2 did not work.

With Kernel 3.6.2 and 3.6.11 everything works fine.

I use OpenSuSe 12.2-1.5. Up to date packages. PAM is at version 3.2.2