4

I can get the password and group entries from the LDAP client: 'getent passwd' and 'getent group' work successfully. But when I try 'su USERNAME' (a name from the LDAP server) or 'ssh USERNAME@localhost', it prompts me for a user password. I typed exactly the USERNAME password, but it returns "su : Authentication Failure" or "Permission denied, Please try again". I don't know why. It only works when I am root on the client and run "su USERNAME".

billyduc

1 Answer

3

Check your pam settings for ssh and su.

For example for ssh:

auth    sufficient      pam_ldap.so
account sufficient      pam_permit.so

Also make sure that you can log in via password in sshd_config:

PasswordAuthentication yes

Also check your logs: /var/log/auth.log

rkthkr
  • Thanks for your answer rkthkr. My LDAP uses PAM authentication; can I change the directive "UsePam Yes" in /etc/ssh/sshd_config? By the way, when I use the su command, it first asks for the user password, and second it also asks me for the LDAP password... So what can I configure to bypass the LDAP password? – billyduc Dec 12 '09 at 02:06
  • Put the LDAP password in /etc/pam_ldap.secret (nothing else but the password) and make it readable only by root. – artifex Jan 11 '10 at 11:24
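
The checks suggested in the answer and comments above, gathered into one read-only script (an added example, not code from the thread). The paths /etc/pam.d/sshd, /etc/pam.d/su and /etc/ssh/sshd_config are assumed standard locations, the function names are hypothetical, and the defaults passed to sshd_option are those of upstream OpenSSH.

```shell
#!/bin/sh
# Added example, not from the thread: read-only checks of the settings discussed.

# pam_has_ldap_auth FILE: succeed if FILE, or a file it includes from the same
# directory, has an active auth line that loads pam_ldap.so.
pam_has_ldap_auth() {
    [ -r "$1" ] || return 1
    dir=$(dirname "$1")
    while read -r type ctl arg rest; do
        inc=
        case "$type $ctl" in
            "@include "*) inc=$ctl ;;                     # Debian-style include
            "auth include"|"auth substack") inc=$arg ;;   # Red Hat-style include
            "auth "*) case "$arg $rest" in *pam_ldap.so*) return 0 ;; esac ;;
        esac
        [ -n "$inc" ] && ( pam_has_ldap_auth "$dir/$inc" ) && return 0
    done < "$1"
    return 1
}

# sshd_option FILE KEYWORD DEFAULT: print the value sshd would use globally.
# sshd keeps the first occurrence of a keyword; Match blocks are not evaluated.
sshd_option() {
    awk -v key="$2" -v def="$3" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }' "$1"
}

# secret_is_private FILE [UID]: succeed if FILE is a regular file owned by UID
# (default 0, root) with mode 0600 or 0400.
secret_is_private() {
    [ -f "$1" ] || return 1
    ls -ln "$1" | awk -v uid="${2:-0}" \
        'BEGIN { rc = 1 } { rc = !($1 ~ /^-r.-------/ && $3 == uid) } END { exit rc }'
}

ldap_login_report() {
    for svc in sshd su; do
        if pam_has_ldap_auth "/etc/pam.d/$svc"; then s=yes; else s=no; fi
        echo "pam.d/$svc auth reaches pam_ldap.so: $s"
    done
    echo "PasswordAuthentication: $(sshd_option /etc/ssh/sshd_config PasswordAuthentication yes)"
    echo "UsePAM: $(sshd_option /etc/ssh/sshd_config UsePAM no)"
    if secret_is_private /etc/pam_ldap.secret; then s=yes; else s=no; fi
    echo "/etc/pam_ldap.secret readable by root only: $s"
}

if [ "${1:-}" = "--check" ]; then ldap_login_report; fi
```

Run it as root with `--check` so that sshd_config and the secret file can be read; without the argument it only defines the functions.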