“Unable to expire password for root” – Debian 9 in vCloud Director

Debian 9 was released on 17th of June 2017, and for me, it was not only the information about the arriving upgrades. Also, it was the sign of the new vCloud Director template. I started making it on Monday, and I faced the problem with customization. Of course, I used Open-VM-Tools because I try to use them everywhere. I had many problems with customization, but it was the first time when I had a problem with password customization on a Linux guest OS – I got “unable to expire password for root” error. Fortunately, I took one look at the open-vm-tools code and found the solution. It seems that the Internet has no resolution yet, what is very interesting.

Symptoms of “unable to expire password for root”

Your environment:

  • vCloud Director (I assume it doesn’t matter which version)
  • Debian 9 as the guest OS
  • open-vm-tools installed on Debian

If your customization doesn’t work, you should – as always – check logs, which are stored in /var/log/vmware-imc/toolsDeployPkg.log. If you find here something similar to the following snippet:

you know that you’re home. 🙂 The most important is the 9th line, which informs you that script has encountered the error: “Unable to expire password for root users OR set password for root user”.

How it is supposed to look like:

How to resolve this issue?

In my case resolution was to change the /etc/pam.d/vmtoolsd file with the correct parameters. When you check the GitHub repository of the open-vm-tools project, you find the following code:

After the system installation this file was empty, hence customization could not work properly. I think open-vm-tools should complete this file during the customization (I have exactly the same version as in the repository on the other Linux OSes), but for some reason, it didn’t happen. After I added those lines, customization has started to work.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.