mathdufort Posted October 3, 2019 Report Posted October 3, 2019 Hi, I am trying to add our Linux based computers to TNI. I have tried the two possible ways: 1- I tried copying the tnilinagent and tnilinagent_x64 from the server's "C:\Program Files (x86)\Total Network Inventory" folder to a local folder on my Ubuntu machine. I chmod 755 the files and tried launching the scripts by entering : 1A- "./tnilinagent" -> I get "./tnilinagent: line 42: /home/lifuser/tmp.REdDcvEd1P/tnilinagent: no such file or directory" (or something close since my ubuntu system is in french) 1B- "sudo ./tnilinagent" -> After entering the password for "lifuser" I get "./tnilinagent: line 42: /home/lifuser/tmp.REdDcvEd1P/tnilinagent: no such file or directory" (or something close since my ubuntu system is in french) 1C- "./thilinagent_x64" -> I get "Error: Insufficient privileges to run the application." 1D- "sudo ./tnilinagent_x64" -> After entering the password for "lifuser" I get "Error: Insufficient privileges to run the application." 2- I also tried launching the scan from the TNI server. 2A- I installed openssh-server on my ubuntu machine and made sure I can connect from the server using putty and the "lifuser" user 2B- In TNI, I entered the ip address of my client machine, I created a new SSH user using the "lifuser" credentials 2C- I launch the scan, TNI connects to the client machine (I tried putting the wrong password and it gives me an authentication fail). 2D- TNI does the following steps (analyzing ports, connection, copying files, analyzing) and then it fails with the error: "Fail : SSH [sudo] password for lifuser : Sorry, try again" (again my error message is in french so please forgive my (maybe) bad translation). Could you help me with this situation please? Thanks in advance and have a nice day! Quote
Alex Posted October 4, 2019 Report Posted October 4, 2019 Hello, Thanks for your message. Please let us know what Linux version you are trying to scan. Usually these two commands should run the agent without a problem if you are using an account with administrative privileges: chmod 755 tnilinagent_x64 tnilinagent_x64 Have you tried performing the scan using the root account? Let us know if "lifuser" is in the sudoers group? Quote
mathdufort Posted October 4, 2019 Author Report Posted October 4, 2019 I am trying to scan a Ubuntu Desktop 18.04.3 LTS 64bits machine. Ubuntu doesn't create a root account, it instead creates a normal account with sudo privileges. lifuser is in the sudoers group and is the only account on this machine. I tried running the two commands you specified but with the result I have written in my first post. Thank you for your help... Quote
Alex Posted October 7, 2019 Report Posted October 7, 2019 Thanks for the information. We'll check the scanning agent on this Ubuntu version and let you know the result. Quote
mathdufort Posted October 7, 2019 Author Report Posted October 7, 2019 Thank you for the follow up! :D I'll be waiting! Quote
Alex Posted October 24, 2019 Report Posted October 24, 2019 We apologize for the delay. We've checked all possible scenarios on this Ubuntu version, but we haven't encountered this problem on both root and standard users. Please try one of the following solutions: 1. Create a new user and add it to the sudoers group. There may be a problem with your current user. 2. You can enable the root account and use it to perform the scan: a. Use the following command to change or create the root password: sudo passwd root b. Edit the OpenSSH config: sudo gedit /etc/ssh/sshd_config Change the "PermitRootLogin" string to "yes" and make sure the line is not a comment. c. Restart the SSH service: sudo systemctl restart ssh.service After that, try scanning this computer remotely using the root credentials. Quote
mathdufort Posted October 25, 2019 Author Report Posted October 25, 2019 Hi Alex! I tried following the mentioned steps and everything went smoothly. I'm a little concerned about security issues with having to allow SSH from the root account though. It's normally best practice to disable SSH Login from root account. I'll try with another account than the "lifuser" account. Maybe there's something wrong with it... Just for testing purpose, I have reset the root password to the same as the "lifuser" account and from the TNI Server, I get a fail when I try to scan using "lifuser" credentials but a successful scan using the root account. I tried verifying each account's sudo permissions and they are the same. Again, thank you for your help! Quote
mathdufort Posted October 25, 2019 Author Report Posted October 25, 2019 I tried again with the "lifuser" user and here is what I see on the client in the /var/log/auth.log file Oct 25 08:42:11 lif-p45190 sshd[4740]: Did not receive identification string from 192.168.10.228 port 1464 Oct 25 08:42:11 lif-p45190 sshd[4741]: Accepted password for lifuser from 192.168.10.228 port 1468 ssh2 Oct 25 08:42:11 lif-p45190 sshd[4741]: pam_unix(sshd:session): session opened for user lifuser by (uid=0) Oct 25 08:42:11 lif-p45190 systemd-logind[851]: New session 10 of user lifuser. Oct 25 08:42:11 lif-p45190 sudo: pam_unix(sudo:auth): authentication failure; logname=lifuser uid=1000 euid=0 tty=/dev/pts/1 ruser=lifuser rhost= user=lifuser Oct 25 08:42:13 lif-p45190 sudo: pam_unix(sudo:auth): conversation failed Oct 25 08:42:13 lif-p45190 sudo: pam_unix(sudo:auth): auth could not identify password for [lifuser] Oct 25 08:42:13 lif-p45190 sudo: lifuser : 1 incorrect password attempt ; TTY=pts/1 ; PWD=/home/lifuser/.tnilinagent_x64 ; USER=root ; COMMAND=./tnilinagent_x64 /silent /ip:172.16.24.210 /login:linux LIF Oct 25 08:42:14 lif-p45190 sshd[4805]: Received disconnect from 192.168.10.228 port 1468:11: TNI session terminated. Oct 25 08:42:14 lif-p45190 sshd[4805]: Disconnected from user lifuser 192.168.10.228 port 1468 Oct 25 08:42:14 lif-p45190 sshd[4741]: pam_unix(sshd:session): session closed for user lifuser Oct 25 08:42:14 lif-p45190 systemd-logind[851]: Removed session 10. "linux LIF" is the name of the user profile to use in the TNI Server. Can you see something wrong in this log? Quote
Alex Posted October 28, 2019 Report Posted October 28, 2019 Hello, I've checked the log, and if I am not mistaken, this may be the PAM auth module problem. In any case, we were unable to reproduce this issue in our environment. Not sure if this will help, but a similar problem is described on this page: https://stackoverflow.com/questions/57657645/pam-unixsudoauth-conversation-failed-auth-could-not-identify-password-for Quote
mathdufort Posted November 13, 2019 Author Report Posted November 13, 2019 Thank you for getting back with a possible solution. I will try messing with PAM and get back if it worked or not! Quote
KevinTNI Posted February 25, 2021 Report Posted February 25, 2021 Hi mathdufort, did you find a solution? Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.