Menu
    KNOWLEDGE BASE

    Authentication error: "Incorrect username or password, or username not member of administrative group?" Using "tsm login -u username"

    Published: 30 Jan 2018
    Last Modified Date: 28 Jun 2018

    Issue

    Logging into Tableau Services Manager (TSM) using "tsm login -u username" after installation fails and the following error might occur:

    "Authentication error. Incorrect username or password, or username not member of administrative group?"

    Environment

    • Tableau Server 10.5.0
    • TSM
    • CentOS Linux 7

    Resolution

    Step 1

    The "tableau" and "tsmagent" accounts need nopasswd login permission in /etc/sudoers, and "tableau" needs su permissions.
    • To ensure tableau has su permissions, verify file mode of /bin/su is -rwsr-xr-x.
      • For example, -rwsr-xr-x. 1 root root 30092 Jun 22 2012 /bin/su
    • If not please run chmod 4755 /bin/su

    Step 2

    Additionally, please make sure you are installing as a sudo user who is *not* root. Tableau Server cannot be installed as root user. When trying to login to TSM as root user the same error occurs:

    "Authentication error. Incorrect username or password, or username not member of administrative group?"

    Step 3

    You may also want to look at your pam.d configuration with the steps below:
    Important: The instructions in this section are intended for an IT professional who is comfortable editing the pam.d configuration. Please note that toubleshooting pam.d configuration edits is outside the scope of Tableau Technical Support.

    • Look at your pam.d file with the below command: 
      • sudo cat /etc/pam.d/su
    • If the file contains the below line, comment it out with a #, and save it.
      • auth       required     pam_wheel.so use_uid
    • ​Try to log in again with your tsm user
      • tsm login -u <user>

    Cause

    The "tableau" account had incorrect permissions on the Linux VM.

    Additional Information

    /bin/su  needs to have the set-uid bit turned on, so that it always runs with root permissions, otherwise when an ordinary (non-root) user runs it, it will not have access to the password info in /etc/shadow nor the ability to set the userid to the desired new user. It also must have the group and other write bits turned off, so that other users cannot alter it.

    For more information, see the following questions and answers: 

    Did this article resolve the issue?    
    PRINT THIS PAGE
    Related Links

    System User and sudo Privileges

    Attachments

    All Support

    SUPPORT BY PRODUCT
    TOOLS & DOWNLOADS
    INFORMATION
    ASSISTANCE