Hi, This is reported in RedHat Buzilla but when I followed the fix steps in it it does not work, eventually I found my "fix step". I did not modify /etc/pam.d/su, it is "stacked" to use the default /etc/pam.d/system-auth. See: http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20Open SSH%20with%20pam_ldap%20for%20RedHat%20Enterprise%20Linux3.htm And http://web.singnet.com.sg/~garyttt Tips: the generated system-auth has a bug such that "su - userid" will display "incorrect password" even when correct password is provided, to fix it, replace one of the "account" lines, as shown below: Change this: account required /lib/security/$ISA/pam_unix.so To that: account sufficient /lib/security/$ISA/pam_unix.so Try adding this line somewhere in /etc/pam.d/su and see if it helps. account sufficient /lib/security/$ISA/pam_unix.so Rgds Gary -----Original Message----- From: pam-list-bounces@xxxxxxxxxx [mailto:pam-list-bounces@xxxxxxxxxx] On Behalf Of Rodrigo S Wanderley Sent: Thursday, August 26, 2004 3:39 AM To: pam-list@xxxxxxxxxx Subject: Problem using pam_ldap in RedHat 9 Hi, Im having some problem trying to autenticate using an ldap database. My /etc/pam.d/su looks like this: auth required /lib/security/$ISA/pam_unix.so auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass account required /lib/security/$ISA/pam_permit.so password required /lib/security/$ISA/pam_permit.so session required /lib/security/$ISA/pam_permit.so I used the pam_permit.so trying to focus only on the auth method. After spending some time in this problem I decided to get the source code of pam_ldap.so, Ive used some printfs on it and saw that it was returning 0 (PAM_SUCCESS) but su keeps giving me 'su: incorrect password'. Had anyone have similar problem and found the answear? ---> Example Session # su rodrigo # rodrigo is an ldap user password: ****** su: incorrect password ---> Any information that you need, please let me now. thanks in advance, RSW OBS: Had no problem to configure Libranet and RH 7.2 ---> /var/log/messages Aug 25 16:09:27 floyd su(pam_unix)[10366]: check pass; user unknown Aug 25 16:09:27 floyd su(pam_unix)[10366]: authentication failure; logname=rodriwan uid=0 euid=0 tty= ruser=root rhost= -- Esta mensagem foi verificada pelo sistema de anti-virus e acredita-se estar livre de perigo. _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
