Issue
Logging into Tableau Services Manager (TSM) using "tsm login -u username" after installation fails and the following error might occur:"Authentication error. Incorrect username or password, or username not member of administrative group?"
Last Modified Date: 03 Sep 2020
"Authentication error. Incorrect username or password, or username not member of administrative group?"
Environment
- Tableau Server
- TSM
- CentOS Linux 7
Resolution
Step 1 - applies only to Tableau Server 10.5
The "tableau" and "tsmagent" accounts need nopasswd login permission in /etc/sudoers.
Step 2 - applies to all versions
The "tableau" account needs su permissions.
-
To ensure tableau has su permissions, verify file mode of
/bin/su is -rwsr-xr-x.- For example, -rwsr-xr-x. 1 root root 30092 Jun 22 2012 /bin/su
- If not, run
chmod 4755 /bin/su
Step 3 - applies to all versions
Make sure you are installing as a sudo user or, if installing as the root user, TSM is initialized using the -a flag to specify a non-root TSM user. When trying to login to TSM as root user the same error may occur:
"Authentication error. Incorrect username or password, or username not member of administrative group?"
Step 4 - applies to all versions
Review your pam.d configuration with the steps below:Important: The instructions in this section are intended for an IT professional who is comfortable editing the pam.d configuration. Please note that toubleshooting pam.d configuration edits is outside the scope of Tableau Technical Support.
Look at your pam.d file with the below command:
sudo cat /etc/pam.d/su
If the file contains the below line, comment it out with a #, and save it.
auth required pam_wheel.so use_uid
Alternatively, add the tableau user to the wheel group:
sudo usermod -a -G wheel <user>
Try to log in again with your tsm user:
tsm login -u <user>
Cause
The "tableau" account has incorrect permissions on the Linux virtual machine.Additional Information
/bin/su needs to have the set-uid bit turned on, so that it always runs with root permissions, otherwise when an ordinary (non-root) user runs it, it will not have access to the password info in/etc/shadow nor the ability to set the userid to the desired new user. It also must have the group and other write bits turned off, so that other users cannot alter it.
For more information, see the following questions and answers:
- I Can't login as root with su command, but I can with SSH
- su: Permission denied despite correct password
Discuss this article... Feedback Forum
Thank you for providing your feedback on the effectiveness of the article.
Open new Case
Continue Searching
Knowledge Base
Community
Product Help
Training and Tutorials