KNOWLEDGE BASE

Authentication error: "Incorrect username or password, or username not member of administrative group?" Using "tsm login -u username"


Published: 30 Jan 2018
Last Modified Date: 26 Mar 2018

Issue

Logging into Tableau Services Manager (TSM) using "tsm login -u username" after installation fails and the following error might occur:

"Authentication error. Incorrect username or password, or username not member of administrative group?"

Environment

  • Tableau Server 10.5.0
  • TSM
  • CentOS Linux 7

Resolution

Step 1

The "tableau" and "tsmagent" accounts need nopasswd login permission in /etc/sudoers, and "tableau" needs su permissions.
  • To ensure tableau has su permissions, verify file mode of /bin/su is -rwsr-xr-x.
    • For example, -rwsr-xr-x. 1 root root 30092 Jun 22 2012 /bin/su
  • If not please run chmod 4755 /bin/su

Step 2

Additionally, please make sure you are installing as a sudo user who is *not* root. Tableau Server cannot be installed as root user. When trying to login to TSM as root user the same error occurs:

"Authentication error. Incorrect username or password, or username not member of administrative group?"

Step 3

You may also want to look at your pam.d configuration with the steps below:
Important: The instructions in this section are intended for an IT professional who is comfortable editing the pam.d configuration. Please note that toubleshooting pam.d configuration edits is outside the scope of Tableau Technical Support.

  • Look at your pam.d file with the below command: 
    • sudo cat /etc/pam.d/su
  • If the file contains the below line, comment it out with a #, and save it.
    • auth       required     pam_wheel.so use_uid
  • ​Try to log in again with your tsm user
    • tsm login -u <user>

Cause

The "tableau" account had incorrect permissions on the Linux VM.

Additional Information

/bin/su  needs to have the set-uid bit turned on, so that it always runs with root permissions, otherwise when an ordinary (non-root) user runs it, it will not have access to the password info in /etc/shadow nor the ability to set the userid to the desired new user. It also must have the group and other write bits turned off, so that other users cannot alter it.

For more information, see the following questions and answers: 

Did this article resolve the issue?