Re: SASStudio hangs at a page that says "SAS The power to Know"

jcabrerazuniga · Posted 07-08-2020 12:12 PM

I just installed SAS and I am trying to use SASStudio webpage (http://....... 38080/SASStudio). After setting pam as authentication method at sasauth.conf I have been able to login but the website stuck at a page that says: SAS The power to know. What could be causing this problem?

I found the next msg in the debug log:

20200708-12:40:41 Initializing pam
20200708-12:40:41 Initialized 1 methods.
20200708-12:40:41 Loading method gss from /opt/sas94/SASFoundation/9.4/utilities/bin/authgss.so
20200708-12:40:41 Could not load authentication method /opt/sas94/SASFoundation/9.4/utilities/bin/authgss.so. Reason: libvas.so.4:
cannot open shared object file: No such file or directory

OS = Centos 7

SAS Version 9.4

Thanks in advance

alexal · Posted 07-08-2020 03:50 PM

@jcabrerazuniga ,

I would like to see the output from the commands shown below:

sudo grep sasauth /var/log/secure
cat /etc/pam.d/sasauth

jcabrerazuniga · Posted 07-08-2020 04:17 PM

sudo grep sasauth /var/log/secure
Jul 8 08:53:53 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 08:53:53 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 08:56:00 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 08:56:00 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 09:10:57 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 09:10:57 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 10:02:51 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 10:02:51 hsc-ctsc-data sasauth: pam_ldap(sasauth:auth): Authentication failure; user=jcabrerazuniga
Jul 8 10:02:54 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 10:02:55 hsc-ctsc-data sasauth: pam_ldap(sasauth:auth): Authentication failure; user=jcabrerazuniga
Jul 8 10:03:08 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 10:03:08 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 10:49:49 hsc-ctsc-data sudo: jcabrerazuniga : TTY=pts/14 ; PWD=/opt/sas94/SASFoundation/9.4/utilities/bin ; USER=root ; COMMAND=/bin/chown root elssrv sasauth sasperm
Jul 8 10:50:15 hsc-ctsc-data sudo: jcabrerazuniga : TTY=pts/14 ; PWD=/opt/sas94/SASFoundation/9.4/utilities/bin ; USER=root ; COMMAND=/bin/chmod 4755 elssrv sasauth sasperm
Jul 8 10:51:13 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 10:51:14 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 12:35:08 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 12:35:09 hsc-ctsc-data sasauth: pam_ldap(sasauth:auth): Authentication failure; user=jcabrerazuniga
Jul 8 12:40:40 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 12:40:41 hsc-ctsc-data sasauth: pam_unix(sasauth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jcabrerazuniga
Jul 8 14:13:27 hsc-ctsc-data sudo: jcabrerazuniga : TTY=pts/7 ; PWD=/home/jcabrerazuniga ; USER=root ; COMMAND=/bin/grep sasauth /var/log/secure

cat /etc/pam.d/sasauth
# This file was created to allow SAS login following:
# https://support.sas.com/kb/49/432.html
# All lines but those starting with auth
# or account have have been commented
# /etc/pam.d/system-auth
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

auth required pam_env.so
auth required pam_faildelay.so delay=2000000
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so

# password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
# password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
# password sufficient pam_ldap.so use_authtok
# password required pam_deny.so

# session optional pam_keyinit.so revoke
# session required pam_limits.so
# -session optional pam_systemd.so
# session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
# session required pam_unix.so
# session optional pam_ldap.so

alexal · Posted 07-08-2020 04:49 PM

I do not see any successful authentication attempts. Please contact your Linux administrator to find out why pam_ldap module is failing to authenticate your account.

jcabrerazuniga · Posted 07-08-2020 04:59 PM

Hmm...

In the beginning I was not able to login. However, after I placed

methods = pam

my login credentials were accepted and passed to see the

If I enter a wrong combination of user name and password I can see:

I can see at the logs:

Jul 8 14:13:27 hsc-ctsc-data sudo: jcabrerazuniga : TTY=pts/7 ; PWD=/home/jcabrerazuniga ; USER=root ; COMMAND=/bin/grep sasauth /var/log/secure

which I believe it means I was able to login.

Something that called my attention was to see:

Could not load authentication method /opt/sas94/SASFoundation/9.4/utilities/bin/authgss.so. Reason: libvas.so.4:
cannot open shared object file: No such file or directory

I tried to find a Centos 7 package for libvas.so.4 but no one is available. It seems there is a hot patch but I couldn't find it.

Thanks

jcabrerazuniga · Posted 07-08-2020 06:40 PM

It seems that the problem with using methods = pam on Centos 7 is that the library libvas.so.4 exist only for RedHat. This, apparently, can only be obtained from:

https://www.javahotchocolate.com/notes/rpm.html

through the package:

vasclnts-3.1.0-19

that I could not find for Centos 7. 😞

alexal · Posted 07-08-2020 06:46 PM

A sasauth will try to bind to Kerberos/GSSAPI libraries only if you are trying to perform GSSAPI (IWA) authentication, however, you are trying to use username/password, correct? Or this is fall back from the IWA?

jcabrerazuniga · Posted 07-08-2020 06:50 PM

pam is somehow plugged to our LDAP system. So, at the login page I can enter my username and password. Is there a way to accept this login result without having to go through that libvas.so.4 and allow SAS to move forward?

alexal · Posted 07-08-2020 06:58 PM

Let's enable sasauth-debug as described in the document below:

https://support.sas.com/kb/39/891.html

Restart the metadata server and reproduce the problem. Show me sasauth-debug file for further investigation.

jcabrerazuniga · Posted 07-08-2020 07:14 PM

Here it is the log:

20200708-15:34:41 Not showing passwords in log.
20200708-15:34:41 sasauth: Process:151244 Started by: 122230
20200708-15:34:41 sasauth: buildVersion=v940m1
20200708-15:34:41 Config: methods pam
20200708-15:34:41 Config: debugLog /tmp/sasauth-debug.log
20200708-15:34:41 Config: accessLog /tmp/sasauth-access.log
20200708-15:34:41 Config: errorLog /tmp/sasauth-error.log
20200708-15:34:41 Config: debugNoPasswords true
20200708-15:34:41 Config: maxtries 5
20200708-15:34:41 Config: maxtriesPeriod 60
20200708-15:34:41 Config: maxtriesWait 300
20200708-15:34:41 Config: DENY_EMPTY_PASSWORDS TRUE
20200708-15:34:41 Config: LDAP_AUTH_METHOD BIND
20200708-15:34:41 Config: LDAP_HOST_LIST host1 host2:3000
20200708-15:34:41 Config: LDAP_BIND_SECURITY simple
20200708-15:34:41 Config: LDAP_DN_SEARCH_ATTR uid
20200708-15:34:41 Config: LDAP_GROUP_METHOD USER
20200708-15:34:41 Config: LDAP_GROUP_USE_DN FALSE
20200708-15:34:41 Config: LDAP_SEARCHBASE DC=MYGROUP,DC=MYCOMPANY,DC=COM
20200708-15:34:41 Config: LDAP_USERBASE ou=People
20200708-15:34:41 Config: LDAP_DOMAIN_FORMAT DOMAIN_AFTER_USERBASE
20200708-15:34:41 Config: LDAP_SCHEMA RFC2307
20200708-15:34:41 Config: LDAP_USERNAME_ATTRIBUTE username
20200708-15:34:41 Config: LDAP_UID_ATTRIBUTE uid
20200708-15:34:41 Config: LDAP_GID_ATTRIBUTE gid
20200708-15:34:41 Config: LDAP_PASSWD_ATTRIBUTE password
20200708-15:34:41 Config: LDAP_LASTCHANGE_ATTRIBUTE lastchange
20200708-15:34:41 Config: LDAP_MAXAGE_ATTRIBUTE maxage
20200708-15:34:41 Config: LDAP_ACCTEXPIRE_ATTRIBUTE expire
20200708-15:34:41 Config: LDAP_GROUPS_ATTRIBUTE groups
20200708-15:34:41 Config: LDAP_GROUP_GID_ATTRIBUTE gid
20200708-15:34:41 Config: LDAP_GROUP_MEMBER_ATTRIBUTE member
20200708-15:34:41 Config: LDAP_RFC2307_USERNAME uid
20200708-15:34:41 Config: LDAP_RFC2307_UID uidnumber
20200708-15:34:41 Config: LDAP_RFC2307_GID gidnumber
20200708-15:34:41 Config: LDAP_RFC2307_PASSWD userpassword
20200708-15:34:41 Config: LDAP_RFC2307_LASTCHANGE shadowLastChange
20200708-15:34:41 Config: LDAP_RFC2307_MAXAGE shadowMax
20200708-15:34:41 Config: LDAP_RFC2307_ACCTEXPIRE shadowExpire
20200708-15:34:41 Config: LDAP_RFC2307_GROUPS group
20200708-15:34:41 Config: LDAP_RFC2307_GROUP_GID gidNumber
20200708-15:34:41 Config: LDAP_RFC2307_GROUP_MEMBER memberUid
20200708-15:34:41 Config: LDAP_AD2_USERNAME msSFUName
20200708-15:34:41 Config: LDAP_AD2_UID UidNumber
20200708-15:34:41 Config: LDAP_AD2_GID GidNumber
20200708-15:34:41 Config: LDAP_AD2_PASSWD msSFUPassword
20200708-15:34:41 Config: LDAP_AD2_LASTCHANGE ShadowLastChange
20200708-15:34:41 Config: LDAP_AD2_MAXAGE ShadowMax
20200708-15:34:41 Config: LDAP_AD2_ACCTEXPIRE ShadowExpire
20200708-15:34:41 Config: LDAP_AD2_GROUPS group
20200708-15:34:41 Config: LDAP_AD2_GROUP_GID GidNumber
20200708-15:34:41 Config: LDAP_AD2_GROUP_MEMBER MemberUid
20200708-15:34:41 Config: LDAP_AD3_USERNAME msSFU30Name
20200708-15:34:41 Config: LDAP_AD3_UID msSFU30UidNumber
20200708-15:34:41 Config: LDAP_AD3_GID msSFU30GidNumber
20200708-15:34:41 Config: LDAP_AD3_PASSWD msSFU30Password
20200708-15:34:41 Config: LDAP_AD3_LASTCHANGE msSFU30ShadowLastChange
20200708-15:34:41 Config: LDAP_AD3_MAXAGE msSFU30ShadowMax
20200708-15:34:41 Config: LDAP_AD3_ACCTEXPIRE msSFU30ShadowExpire
20200708-15:34:41 Config: LDAP_AD3_GROUPS group
20200708-15:34:41 Config: LDAP_AD3_GROUP_GID msSFU30GidNumber
20200708-15:34:41 Config: LDAP_AD3_GROUP_MEMBER msSFU30PosixMember
20200708-15:34:41 Adding auth method pam
20200708-15:34:41 Loading method pam from /opt/sas94/SASFoundation/9.4/utilities/bin/authpam.so
20200708-15:34:41 Using standard unixGetGroups for method pam
20200708-15:34:41 pam: buildVersion=v940m1
20200708-15:34:41 Initializing pam
20200708-15:34:41 Initialized 1 methods.
20200708-15:34:41 Loading method gss from /opt/sas94/SASFoundation/9.4/utilities/bin/authgss.so
20200708-15:34:41 Could not load authentication method /opt/sas94/SASFoundation/9.4/utilities/bin/authgss.so. Reason: libvas.so.4: cannot open shared object file: No such file or directory
20200708-15:34:41 GSS could not be loaded.
20200708-15:34:41 Using maxtries: 5
20200708-15:34:41 Using maxtries period: 60
20200708-15:34:41 Using maxtries wait: 300
20200708-15:34:41 Authenticating user hsnow via pam
20200708-15:34:41 pam requested password.
20200708-15:34:41 Getting user's group memberships
20200708-15:34:41 User hsnow in 2 groups.
20200708-15:34:41 Authenticated user hsnow (pam).
20200708-15:34:41 IPC connection broken.
20200708-15:34:41 Session ended.
20200708-15:34:41 Terminating authentication method pam

What is IPC connection broken? For user hsnow it seems the authentication worked.
Thanks again

Ready to join fellow brilliant minds for the SAS Hackathon?

Classroom Training Available!