
Unable to login into Tableau Services Manager - PAM authentication failed


I set up Tableau on Amazon AMI2. I am able to access Tableau Server, but when I try to log in to TSM (Tableau Server Manager), it does not work. After entering the username/password and clicking the sign-in button, nothing happens. I see the logs below in the TSM controller.

Failed to authenticate user 'tsm-admin' with PAM service 'login': pam_authenticate failed : Authentication failure

I confirmed that the tsm-admin user exists and is part of the tsmadmin group. It is also a sudo user and can log in. I found the post below that talks about this problem and I tried the steps mentioned there, but with no success: https://community.tableau.com/s/question/0D54T00000YuX6aSAF/connexion-to-tsm-webapp-or-tabcmd-failed-failed-to-authenticate-user-tsmadmin-with-pam-service-login-pamauthenticate-failed-authentication-failure

Any idea how I can make login work with TSM?


Solution

  • I think that the issue is coming from the lack of a password associated with the user you are trying to log in with (as Diego explains in the link that you have provided).
    You can work around this limitation by using pam_userdb to authenticate your user, but I am warning you: it's not pretty.
    Install db4 and db4-utils:

    # yum install db4-utils db4
    

    Create a Berkeley DB with your admin users and passwords.
    Warnings:

    • the user has to be known to the host and also probably a member of the group (tsm-admin should work in your case); associate with it the password that you'll want to type in the browser.
    • the db file must end with a .db extension to be readable by pam_userdb.
    • the db must be readable by the unprivileged user running your Tableau instance (tableau in the example below, adjust according to your needs).

    example:

    # sudo mkdir -p /etc/tableau/ && cd /etc/tableau
    # sudo nano tsm-admins.txt # put one line with the user and one line with the password
    # sudo db4_load -T -t hash -f tsm-admins.txt tsm-admins.db
    # sudo rm tsm-admins.txt
    # sudo chmod go-rw tsm-admins.db
    # sudo chown tableau:tableau tsm-admins.db
    

    Create the /etc/pam.d/tableau module with the following content.
    Warning: the missing .db extension in the db parameter is not a mistake; it will be added automatically by the module.

    #%PAM-1.0
    auth       required       pam_userdb.so db=/etc/tableau/tsm-admins
    account    required       pam_userdb.so db=/etc/tableau/tsm-admins
    

    You should then be able to access your TSM UI.
    You can add a debug parameter to the pam_userdb line for additional logs in /var/log/secure; you can read about it in the documentation.

    You may find something useful in the Tableau error messages located in the tableau_server/data/tabsvc/logs/tabadmincontroller/ logs.

    Good luck 😉
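
A check for the setup the answer above describes, as an added example that is not part of the original answer or of Tableau's tooling: it reads the db= parameter from the PAM service file, confirms it is given without the .db suffix, and verifies that the resulting .db file exists, is closed to group and other, and is owned by the expected account. The function names `userdb_paths` and `audit_userdb_pam` are hypothetical; the permission check matters because pam_userdb lines without a crypt= option, like the ones above, compare against passwords stored in clear text in the db.

```shell
#!/bin/sh
# Added example: audit the pam_userdb setup described in the answer above.
# Usage: audit_userdb_pam <pam-service-file> <expected-owner>
# Prints one finding per line; returns 0 only when there are none.

# List the db= values on pam_userdb.so lines, skipping comment lines.
userdb_paths() {
    grep -v '^[[:space:]]*#' "$1" | grep 'pam_userdb\.so' |
        tr ' \t' '\n\n' | sed -n 's/^db=//p' | sort -u
}

audit_userdb_pam() {
    pam_file=$1 owner=$2 findings=0
    paths=$(userdb_paths "$pam_file")
    if [ -z "$paths" ]; then
        echo "FINDING: no pam_userdb.so db= parameter in $pam_file"
        return 1
    fi
    for base in $paths; do
        # pam_userdb appends ".db" itself, so db= must name the file without it.
        case $base in
            *.db) echo "FINDING: db=$base ends in .db; the module would open $base.db"
                  findings=$((findings + 1)) ;;
        esac
        file=$base.db
        if [ ! -f "$file" ]; then
            echo "FINDING: $file does not exist"
            findings=$((findings + 1))
            continue
        fi
        # ls -ld fields: mode string, link count, owner, ...
        set -- $(ls -ld "$file")
        mode=$1 file_owner=$3
        # Characters 5-10 of the mode string are the group and other bits.
        case $(printf '%s' "$mode" | cut -c5-10) in
            *[rw]*) echo "FINDING: $file is readable or writable by group/other ($mode)"
                    findings=$((findings + 1)) ;;
        esac
        if [ "$file_owner" != "$owner" ]; then
            echo "FINDING: $file is owned by $file_owner, expected $owner"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

With the paths from the answer, the call would be `audit_userdb_pam /etc/pam.d/tableau tableau`, run from a shell that has sourced the functions.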