Debian 9 was released on 17th of June 2017, and for me, it was not only the information about the arriving upgrades. Also, it was the sign of the new vCloud Director template. I started making it on Monday, and I faced the problem with customization. Of course, I used Open-VM-Tools because I try to use them everywhere. I had many problems with customization, but it was the first time when I had a problem with password customization on a Linux guest OS – I got “unable to expire password for root” error. Fortunately, I took one look at the open-vm-tools code and found the solution. It seems that the Internet has no resolution yet, what is very interesting.
Symptoms of “unable to expire password for root”
Your environment:
- vCloud Director (I assume it doesn’t matter which version)
- Debian 9 as the guest OS
- open-vm-tools installed on Debian
If your customization doesn’t work, you should – as always – check logs, which are stored in /var/log/vmware-imc/toolsDeployPkg.log. If you find here something similar to the following snippet:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
INFO: Changing the password... DEBUG: Command: '/bin/cp -f /etc/shadow /etc/shadow.copy' DEBUG: Result: DEBUG: Exit Code: 0 INFO: password utils DEBUG: Command: '**************' DEBUG: Exit Code: 512 ERROR: Fatal error occoured during customization !! Customization halted. ERROR: Error : Unable to expire password for root users OR set password for root user at /tmp/.vmware/linux/deploy/scripts/Customization.pm line 228. DEBUG: Command: '/usr/bin/vmtoolsd --cmd "info-set guestinfo.gc.status Unable to expire password for root users OR set password for root user at /tmp/.vmware/linux/deploy/scripts/Customization.pm line 228. "' DEBUG: Result: DEBUG: Exit Code: 0 INFO: Return code is 248. Customization process returned with error. Deployment result = 248 |
you know that you’re home. 🙂 The most important is the 9th line, which informs you that script has encountered the error: “Unable to expire password for root users OR set password for root user”.
How it is supposed to look like:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
INFO: Handling password settings ... INFO: Changing the password... DEBUG: Command: '/bin/cp -f /etc/shadow /etc/shadow.copy' DEBUG: Result: DEBUG: Exit Code: 0 INFO: password utils DEBUG: Command: '**************' DEBUG: Exit Code: 0 DEBUG: Command: '/bin/rm -f /etc/shadow.copy' DEBUG: Result: DEBUG: Exit Code: 0 INFO: Changing the password is complete |
How to resolve this issue?
In my case resolution was to change the /etc/pam.d/vmtoolsd file with the correct parameters. When you check the GitHub repository of the open-vm-tools project, you find the following code:
|
1 2 3 4 5 6 7 |
#%PAM-1.0 auth required pam_shells.so auth sufficient pam_unix.so shadow auth required pam_unix_auth.so shadow account required pam_shells.so account sufficient pam_unix.so account required pam_unix_acct.so |
After the system installation this file was empty, hence customization could not work properly. I think open-vm-tools should complete this file during the customization (I have exactly the same version as in the repository on the other Linux OSes), but for some reason, it didn’t happen. After I added those lines, customization has started to work.
Hi,
I am currently facing the problem with deploying and reseting root password on Debian 9.
Log says:
INFO: Handling password settings …
INFO: Changing the password…
DEBUG: Command: ‘/bin/cp -f /etc/shadow /etc/shadow.copy’
DEBUG: Result:
DEBUG: Exit Code: 0
INFO: password utils
DEBUG: Command: ‘**************’
DEBUG: Exit Code: 512
ERROR: Fatal error occoured during customization !! Customization halted.
ERROR: Error : Unable to expire password for root users OR set password for root user at /tmp/.vmware-imgcust-dfw6Woo/scripts/Customization.pm line 972.
INFO: Get Tools Daemon Command Line
DEBUG: Command: ‘ps -C vmtoolsd -o cmd=’
DEBUG: Result: /usr/bin/vmtoolsd
DEBUG: Exit Code: 0
DEBUG: Command: ‘/usr/bin/vmtoolsd –cmd “info-set guestinfo.gc.status Unable to expire password for root users OR set password for root user at /tmp/.vmware-imgcust-dfw6Woo/scripts/Customization.pm line 972.
“‘
DEBUG: Result:
DEBUG: Exit Code: 0
INFO: Return code is 248.
Customization process returned with error.
Deployment result = 248
Setting generic error status in vmx.
This is how the vmtoolsd looks:
# PAM configuration for vmtoolsd
#%PAM-1.0
auth required pam_shells.so
auth sufficient pam_unix.so shadow
auth required pam_unix_auth.so shadow
account required pam_shells.so
account sufficient pam_unix.so
account required pam_unix_acct.so
We are running open-vm-tools:
open-vm-tools 2:10.1.5-5055683-4+deb9u1
Do you have any suggestions what the problem can be?
Thank you very much.
Martin
Hi, Martin!
Unfortunately, I am not able to help you – your pamd configuration looks fine, so it should work (in theory). I don’t have any lab, because I don’t work with VMware anymore, so I even cannot try to reproduce your problem. 🙁 I suggest opening an issue https://github.com/vmware/open-vm-tools/issues. Hope they will be able to help you!