18 06 2019

You (root) are not allowed to access to (crontab) because of pam configuration.

Encounted this error on a server when installing puppet, which runs under cron. The main things to check are;

That root is allowed to run cron etc in /etc/security/access.conf

+ : root : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6

Next up is to check the pam configuration for crond, it should look like the below.

# cat /etc/pam.d/crond 
#
# The PAM configuration file for the cron daemon
#
#
# No PAM authentication called, auth modules not needed
account    required   pam_access.so
account    include    password-auth
session    required   pam_loginuid.so
session    include    password-auth
auth       include    password-auth

In this particular case there was an issue with the pam file, and correcting it to the above fixed the issue, but I have seen issues with the cron line being commented out in the access.conf

puppet: Error 400 on SERVER: Attempt to assign to a reserved variable name: ‘trusted’ FreeIPA: Manually deleting host in LDAP

One thought on “You (root) are not allowed to access to (crontab) because of pam configuration.”

Jack says:

06/02/2021 at 8:45 pm

Saved me, after hours, thanks!

Reply

You (root) are not allowed to access to (crontab) because of pam configuration.

One thought on “You (root) are not allowed to access to (crontab) because of pam configuration.”

Leave a Reply Cancel reply